CVE-2021-22885
gem/rails
Possible Information Disclosure / Unintended Method Execution
There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the redirect_to or polymorphic_url helper with untrusted user input.
All versions starting from 5.2.0.0 before 5.2.4.6, all versions starting from 6.0.0.0 before 6.0.3.7, all versions starting from 6.1.0.0 before 6.1.3.1
Upgrade to versions 5.2.4.6, 6.0.3.7, 6.1.3.1 or above.
2021-05-12
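A check for the affected ranges listed above, run against a Gemfile.lock (added example, not part of the advisory or of Rails). The sample lockfile excerpt is constructed, the helper names are hypothetical, and it assumes the actionpack gem is resolved at the same version as rails.

```ruby
# Added example: flags a Gemfile.lock whose resolved rails/actionpack version
# falls inside the affected ranges listed in this advisory.

# Affected ranges from the advisory, as [introduced, fixed) pairs.
AFFECTED_RANGES = [
  %w[5.2.0.0 5.2.4.6],
  %w[6.0.0.0 6.0.3.7],
  %w[6.1.0.0 6.1.3.1]
].map { |lo, hi| [Gem::Version.new(lo), Gem::Version.new(hi)] }.freeze

# Returns the fixed version of the matching branch if `version` is affected,
# otherwise nil. (Hypothetical helper name.)
def fixed_version_for(version)
  v = Gem::Version.new(version)
  range = AFFECTED_RANGES.find { |lo, hi| v >= lo && v < hi }
  range && range.last.to_s
end

# Resolved specs in Gemfile.lock are indented by exactly four spaces:
#     actionpack (6.0.3.6)
# Dependency constraints (six spaces, "(= 6.0.3.6)") are deliberately not matched.
SPEC_LINE = /^ {4}(rails|actionpack) \(([^)\s]+)\)\s*$/

# Returns one hash per affected rails/actionpack entry found in the lockfile text.
def scan_lockfile(text)
  text.each_line.map do |line|
    m = SPEC_LINE.match(line) or next
    fixed = fixed_version_for(m[2]) or next
    { gem: m[1], version: m[2], upgrade_to: fixed }
  end.compact
end

# Constructed sample lockfile excerpt (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.0.3.6)
        actionview (= 6.0.3.6)
        rack (~> 2.0, >= 2.0.8)
      rails (6.0.3.6)
        actionpack (= 6.0.3.6)
LOCK

if __FILE__ == $PROGRAM_NAME
  scan_lockfile(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:version]} is affected by CVE-2021-22885; " \
         "upgrade to #{f[:upgrade_to]} or above"
  end
end
```

To scan a real project, pass File.read("Gemfile.lock") to scan_lockfile instead of the sample.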