← Back

Clearance

clearance

Vendor: Thoughtbot • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-23435
1Thoughtbot
1Clearance
Nov 21, 2024
Sep 12, 2021
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////exam...Show more
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).Show less