CVE-2023-22797

Vendor N/A
Product https://github.com/rails/rails
Weakness CWE-601 · Open redirect
Published February 9, 2023
Last update March 24, 2025

What the vulnerability does

01 Description

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions, the developer was fully responsible for providing only trusted input. However, the check that was introduced could be bypassed by an attacker with a carefully crafted URL, resulting in an open redirect vulnerability.

Key dates

02 Disclosure timeline

February 9, 2023 CVE published
March 24, 2025 Record updated