RubySec

Providing security resources for the Ruby community

CVE-2023-22797 (actionpack): Open Redirect Vulnerability in Action Pack

GEM

actionpack

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v3.x: 6.1 (Medium)

UNAFFECTED VERSIONS

  • < 7.0.0

PATCHED VERSIONS

  • >= 7.0.4.1

DESCRIPTION

There is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797.

Versions Affected: >= 7.0.0
Not affected: < 7.0.0
Fixed Versions: 7.0.4.1

Impact

There is a possible open redirect when using the redirect_to helper with untrusted user input.

Vulnerable code will look like this:

redirect_to(params[:some_param])

Rails 7.0 introduced protection against open redirects when calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However, the check introduced could be bypassed by a carefully crafted URL.
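Upgrading is the fix. As an added illustration (not code from this advisory, from RubySec or from Rails), the plain-Ruby helper below shows the conservative pattern of allowlisting same-origin relative paths instead of relying on a framework host check: anything that is not a path-only target collapses to a fixed fallback. The helper name safe_redirect_target, its fallback argument and the sample inputs are assumptions.

```ruby
require "uri"

# Constructed example, not code from the advisory or from Rails itself.
# Instead of asking "is this host allowed?", ask "is this a plain path?"
# and send everything else to a known-safe fallback.
def safe_redirect_target(candidate, fallback: "/")
  return fallback if candidate.nil? || candidate.strip.empty?

  # Control characters and whitespace are rejected up front: parsers
  # disagree on how to treat them, which is where checks get bypassed.
  return fallback if candidate.match?(/[[:cntrl:][:space:]]/)

  # A relative path starts with exactly one "/". Browsers treat a
  # leading "//" (and "/\") as scheme-relative, i.e. another host.
  return fallback unless candidate.start_with?("/")
  return fallback if candidate.start_with?("//", "/\\")

  begin
    uri = URI.parse(candidate)
  rescue URI::InvalidURIError
    return fallback
  end

  # A path has no scheme, host, port or userinfo; if the parser found
  # any of those, the string was not the plain path it looked like.
  return fallback if uri.scheme || uri.host || uri.port || uri.userinfo

  # Re-serialise from parsed components so only path, query and
  # fragment reach the Location header.
  path = uri.path
  path += "?#{uri.query}" if uri.query
  path += "##{uri.fragment}" if uri.fragment
  path
end
```

In a controller this would be used as redirect_to(safe_redirect_target(params[:some_param])), so the user-controlled value never reaches redirect_to unvalidated.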

All users running an affected release should either upgrade or use one of the workarounds immediately.

Workarounds

There are no feasible workarounds for this issue.