CVE-2021-22885

Possible Information Disclosure / Unintended Method Execution in gem/rails

Identifier

CVE-2021-22885

Package Slug

gem/rails

Vulnerability

Possible Information Disclosure / Unintended Method Execution

Description

There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the redirect_to or polymorphic_url helper with untrusted user input.

Affected Versions

All versions starting from 2.0.0 before 5.2.4.6, all versions starting from 5.2.5 before 5.2.6, all versions starting from 6.0.0 before 6.0.3.7 all versions starting from 6.1.0 before 6.1.3.2

Solution

Upgrade to versions 5.2.6, 5.2.4.6, 6.0.3.7, 6.1.3.2 or above.

Last Modified

2021-05-12

source