CVE-2021-22885

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22885

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22885.json

Aliases

GHSA-hjg4-8q5f-x6fm

Related

Published

2021-05-27T12:15:07Z

Modified

2023-11-29T08:34:28.822388Z

Details

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_urlhelper with untrusted user input.

References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type: GIT
Repo: https://github.com/rails/rails
Events: Introduced

0The exact introduced commit is unknown

Fixed

85c6823b77b60f2a3a6a25d7a1013032e8c580ef

Affected versions

Other

test-tag-1

v0.*

v0.10.0

v0.10.1

v0.11.0

v0.11.1

v0.12.0

v0.13.0

v0.13.1

v0.14.1

v0.14.3

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.4.1

v0.9.5

v1.*

v1.1.0

v1.1.0_RC1

v1.1.1

v2.*

v2.0.0

v2.0.0_PR

v2.0.0_RC1

v2.0.0_RC2

v2.0.1

v2.1.0

v2.1.0_RC1

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.2.1

v3.*

v3.0.0.beta.2

v3.0.0.beta.3

v3.0.0.beta1

v3.0.0.beta2

v3.0.0.beta3

v3.0.0.beta4

v3.0.0_RC

v3.1.0.beta1

v3.1.0.rc1

v3.2.0.rc1

v4.*

v4.0.0.beta1

v4.0.0.rc1

v4.1.0.beta1

v4.1.0.beta2

v4.2.0.beta1

v4.2.0.beta4

v5.*

v5.0.0.beta1

v5.0.0.beta1.1

v5.0.0.beta2

v5.0.0.beta3

v5.0.0.beta4

v5.0.0.rc1

v5.1.0.beta1

v6.*

v6.0.0.beta1

v6.0.0.beta2

v6.0.0.beta3

v6.1.0

v6.1.0.rc1

v6.1.0.rc2

v6.1.1

v6.1.2

v6.1.2.1

v6.1.3