Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_urlhelper with untrusted user input.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / rails | 6.1.0.0 | 6.1.3.1 |
| rubyonrails / rails | 6.0.0.0 | 6.0.3.7 |
| rubyonrails / rails | 5.2.0.0 | 5.2.4.6 |
| debian / debian_linux | 10.0 | 10.0.x |
actionpack
|
6.0.0 | 6.0.3.7 |
|
actionpack
|
6.1.0 | 6.1.3.2 |
|
actionpack
|
5.2.5 | 5.2.6 |
|
actionpack
|
2.0.0 | 5.2.4.6 |
- https://github.com/rails/rails/releases/tag/v5.2.4.6
- https://github.com/rails/rails/releases/tag/v5.2.6
- https://github.com/rails/rails/releases/tag/v6.0.3.7
- https://github.com/rails/rails/releases/tag/v6.1.3.2
- https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
- https://hackerone.com/reports/1106652
- https://security.netapp.com/advisory/ntap-20210805-0009/
- https://www.debian.org/security/2021/dsa-4929