Vulnerability Database

CVE-2008-5189

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| rubyonrails / ruby_on_rails | 0.8.0 | 0.8.0.x |
| rubyonrails / ruby_on_rails | 0.5.7 | 0.5.7.x |
| rubyonrails / ruby_on_rails | 0.7.0 | 0.7.0.x |
| rubyonrails / rails | 1.2.4 | 1.2.4.x |
| rubyonrails / ruby_on_rails | 0.8.5 | 0.8.5.x |
| rubyonrails / ruby_on_rails | 0.6.0 | 0.6.0.x |
| rubyonrails / ruby_on_rails | 0.5.6 | 0.5.6.x |
| rubyonrails / ruby_on_rails | 0.9.0 | 0.9.0.x |
| rubyonrails / ruby_on_rails | 0.5.5 | 0.5.5.x |
| rubyonrails / ruby_on_rails | 0.5.0 | 0.5.0.x |
| rubyonrails / ruby_on_rails | 0.6.5 | 0.6.5.x |
| rubyonrails / ruby_on_rails | - | 2.0.4.x |
| rubyonrails / rails | 0.9.1 | 0.9.1.x |
| rubyonrails / rails | 0.9.2 | 0.9.2.x |
| rubyonrails / rails | 0.9.3 | 0.9.3.x |
| rubyonrails / rails | 0.9.4 | 0.9.4.x |
| rubyonrails / rails | 0.9.4.1 | 0.9.4.1.x |
| rubyonrails / rails | 0.10.0 | 0.10.0.x |
| rubyonrails / rails | 0.10.1 | 0.10.1.x |
| rubyonrails / rails | 0.11.0 | 0.11.0.x |
| rubyonrails / rails | 0.11.1 | 0.11.1.x |
| rubyonrails / rails | 0.12.0 | 0.12.0.x |
| rubyonrails / rails | 0.12.1 | 0.12.1.x |
| rubyonrails / rails | 0.13.0 | 0.13.0.x |
| rubyonrails / rails | 0.13.1 | 0.13.1.x |
| rubyonrails / rails | 0.14.1 | 0.14.1.x |
| rubyonrails / rails | 0.14.2 | 0.14.2.x |
| rubyonrails / rails | 0.14.3 | 0.14.3.x |
| rubyonrails / rails | 0.14.4 | 0.14.4.x |
| rubyonrails / rails | 1.0.0 | 1.0.0.x |
| rubyonrails / rails | 1.1.1 | 1.1.1.x |
| rubyonrails / rails | 1.1.2 | 1.1.2.x |
| rubyonrails / rails | 1.1.3 | 1.1.3.x |
| rubyonrails / rails | 1.1.4 | 1.1.4.x |
| rubyonrails / rails | 1.1.5 | 1.1.5.x |
| rubyonrails / rails | 1.1.6 | 1.1.6.x |
| rubyonrails / rails | 1.2.1 | 1.2.1.x |
| rubyonrails / rails | 1.2.2 | 1.2.2.x |
| rubyonrails / rails | 1.2.3 | 1.2.3.x |
| rubyonrails / rails | 1.2.5 | 1.2.5.x |
| rubyonrails / rails | 1.2.6 | 1.2.6.x |
| rubyonrails / rails | 1.9.5 | 1.9.5.x |
| rubyonrails / rails | 1.1.0 | 1.1.0.x |
| rubyonrails / rails | 1.2.0 | 1.2.0.x |
| rubyonrails / rails | 2.0.1 | 2.0.1.x |
| rubyonrails / rails | 2.0.2 | 2.0.2.x |
| rubyonrails / rails | 2.0.0-rc1 | 2.0.0-rc1.x |
| rubyonrails / rails | 2.0.0-rc2 | 2.0.0-rc2.x |
| rubyonrails / rails | 2.0.0 | 2.0.0.x |
| rails | - | 2.0.5 |