CVE-2008-5189

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2008-5189

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-5189.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2008-5189

Aliases

GHSA-jmgf-p46x-982h

Downstream

DEBIAN-CVE-2008-5189

Published

2008-11-21T12:00:00Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

References

http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
http://www.securityfocus.com/bid/32359
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

CVE-2008-5189

Affected packages