CVE-2023-28362: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in actionpack.
References
- discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
- github.com/advisories/GHSA-4g8v-vg43-wpgf
- github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
- github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml