CVE-2023-28362 — Improper Encoding or Escaping of Output in Rails Action Pack

CWE-116 — Improper Encoding or Escaping of Output CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 54.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rails Action Pack Rubyonrails Rails Actionpack Project Actionpack

Timeline

PublishedJan 9

Description

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5rails/action_pack7.0.5.1 — 7.0.5.1+1

▶Debianrubyonrails/rails< 2:6.0.3.7+dfsg-2+deb11u3+3

▶RubyGemsactionpack_project/actionpack7.0.0 — 7.0.5.1+1

🔴Vulnerability Details

CVEList

CVE-2023-28362: The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value↗2025-01-09

▶

OSV

CVE-2023-28362: The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value↗2025-01-09

▶

GHSA

Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to↗2023-06-29

▶

OSV

Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to↗2023-06-29

▶

📋Vendor Advisories

Red Hat

actionpack: Possible XSS via User Supplied Values to redirect_to↗2023-06-27

▶

Debian

CVE-2023-28362: rails - The redirect_to method in Rails allows provided values to contain characters whi...↗2023

▶