Open Redirect Vulnerability in Action Pack
Published: January 18, 2023
SECURITY IDENTIFIERS
- CVE: CVE-2023-22797 (NVD)
- GHSA: GHSA-9445-4cr6-336r
- Vendor Advisory: https://github.com/rails/rails/releases/tag/v7.0.4.1
GEM
FRAMEWORK
SEVERITY
CVSS v3.x: 6.1 (Medium)
UNAFFECTED VERSIONS
< 7.0.0
PATCHED VERSIONS
>= 7.0.4.1
DESCRIPTION
There is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797.
Versions Affected: >= 7.0.0
Not affected: < 7.0.0
Fixed Versions: 7.0.4.1
Impact
There is a possible open redirect when using the redirect_to helper with untrusted user input.
Vulnerable code will look like this:
redirect_to(params[:some_param])
Rails 7.0 introduced protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However, the check introduced in 7.0 could be bypassed by a carefully crafted URL.
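As an added example (not Rails' own redirect_to protection and not code from this advisory), one way an application can constrain the vulnerable pattern above before the value reaches redirect_to: the target is accepted only as a same-site path or as an http(s) URL whose host is on an allowlist, and everything else falls back to a fixed path. The allowed_hosts parameter, FALLBACK_PATH and the controller usage are assumptions.

```ruby
require "uri"

# Fallback used whenever the supplied target cannot be shown to be safe.
FALLBACK_PATH = "/".freeze

# Returns a redirect target that is either a same-site absolute path
# ("/account") or an absolute http(s) URL whose host is on the allowlist.
# Anything else (protocol-relative "//host", other schemes, parse errors,
# userinfo tricks, unlisted hosts) is replaced by FALLBACK_PATH.
# Constructed example code, not Rails' own redirect_to check.
def safe_redirect_target(raw, allowed_hosts: [])
  return FALLBACK_PATH if raw.nil? || raw.strip.empty?
  value = raw.strip.tr("\\", "/") # browsers treat "\" like "/" in URLs
  uri = begin
    URI.parse(value)
  rescue URI::InvalidURIError
    return FALLBACK_PATH
  end
  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: require exactly one leading slash so the value
    # cannot be read as a protocol-relative URL pointing at another host.
    return value if value.start_with?("/") && !value.start_with?("//")
    return FALLBACK_PATH
  end
  return FALLBACK_PATH unless %w[http https].include?(uri.scheme)
  return FALLBACK_PATH unless allowed_hosts.include?(uri.host.to_s.downcase)
  value
end

# Hypothetical use inside a controller action (assumed parameter name):
#   redirect_to safe_redirect_target(params[:return_to],
#                                    allowed_hosts: ["app.example"])
```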
All users running an affected release should either upgrade or use one of the workarounds immediately.
Workarounds
There are no feasible workarounds for this issue.
