CVE-2023-28362 in actionpack Geminformazioni

Riassunto

di MITRE • 09/01/2025

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

15/03/2023

Divulgazione

09/01/2025

Moderazione

accettato

Voce

VDB-232709

CPE

pronto

CWE

CWE-79 (confermato)

CVSS

4.0 (CNA)

EPSS

0.00312

KEV

Attività

molto basso

Settore

Telecommunication

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-28362
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-28362
CVE Details	https://www.cvedetails.com/cve/CVE-2023-28362/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!