This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2021-09-12T20:05:10.404742Z
Updated: 2024-09-16T23:55:46.556Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23435
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-12T20:15:07.443
Modified: 2021-09-23T17:33:28.967
Link: CVE-2021-23435
Redhat
No data.