CVE-2021-22885

CVE-2021-22885

Vendor N/A
Product https://github.com/rails/rails
Weakness CWE-209 · Error message info leak
Published May 27, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

Key dates

02Disclosure timeline

May 27, 2021 CVE published
August 3, 2024 Record updated