CVE-2021-22885

Опубликовано: 27 мая 2021

Источник: debian

Описание

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
rails	fixed	2:6.0.3.7+dfsg-1		package

Примечания

https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)

Связанные уязвимости

CVE-2021-22885

CVSS3: 7.5

ubuntu

больше 4 лет назад

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

CVE-2021-22885

CVSS3: 7.5

redhat

почти 5 лет назад

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

CVE-2021-22885

CVSS3: 7.5

nvd

больше 4 лет назад

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

openSUSE-SU-2021:1759-1

suse-cvrf

больше 4 лет назад

Security update for rubygem-actionpack-5_1

openSUSE-SU-2021:0797-1

suse-cvrf

больше 4 лет назад

Security update for rubygem-actionpack-5_1