摘要:
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
安全等级: Low
公告ID: KylinSec-SA-2023-1128
发布日期: 2023年3月1日
关联CVE: CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-22797 | KY3.4-4A | rubygem-actionpack | Unaffected |
| CVE-2023-22797 | KY3.4-5 | rubygem-actionpack | Unaffected |
| CVE-2023-22797 | KY3.5.1 | rubygem-actionpack | Unaffected |
| CVE-2023-22797 | KY3.5.2 | rubygem-actionpack | Unaffected |
