An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2023-02-09T00:00:00
Updated: 2024-08-02T10:20:30.311Z
Reserved: 2023-01-06T00:00:00
Link: CVE-2023-22797
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-09T20:15:11.550
Modified: 2024-11-21T07:45:26.670
Link: CVE-2023-22797
Redhat