CVE-2023-28362: Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
(updated )
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.
Versions Affected: All. Not affected: None Fixed Versions: 7.0.5.1, 6.1.7.4
References
- discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
- github.com/advisories/GHSA-4g8v-vg43-wpgf
- github.com/rails/rails
- github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
- github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
- github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml
- nvd.nist.gov/vuln/detail/CVE-2023-28362
Detect and mitigate CVE-2023-28362 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →