Vulnerability Details CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.4%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2023-22797
-
cpe:2.3:a:actionpack_project:actionpack:7.0.0
-
cpe:2.3:a:actionpack_project:actionpack:7.0.1
-
cpe:2.3:a:actionpack_project:actionpack:7.0.2
-
cpe:2.3:a:actionpack_project:actionpack:7.0.2.1
-
cpe:2.3:a:actionpack_project:actionpack:7.0.2.2
-
cpe:2.3:a:actionpack_project:actionpack:7.0.2.3
-
cpe:2.3:a:actionpack_project:actionpack:7.0.2.4
-
cpe:2.3:a:actionpack_project:actionpack:7.0.3
-
cpe:2.3:a:actionpack_project:actionpack:7.0.3.1
-
cpe:2.3:a:actionpack_project:actionpack:7.0.4
-
cpe:2.3:a:rubyonrails:rails:7.0.0
-
cpe:2.3:a:rubyonrails:rails:7.0.1
-
cpe:2.3:a:rubyonrails:rails:7.0.2.2