GHSA-jmgf-p46x-982h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jmgf-p46x-982h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-jmgf-p46x-982h/GHSA-jmgf-p46x-982h.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-jmgf-p46x-982h
- Aliases
- Published
- 2017-10-24T18:33:38Z
- Modified
- 2025-04-09T17:01:03.625921Z
- Summary
- rails is vulnerable to CRLF injection
- Details
-
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
- Database specific
{ "cwe_ids": [ "CWE-352" ], "github_reviewed_at": "2020-06-16T21:43:46Z", "severity": "MODERATE", "github_reviewed": true, "nvd_published_at": "2008-11-21T12:00:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-5189
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml
- http://github.com/rails/rails
- http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
- http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
Affected packages
RubyGems / rails
Package
- Name
- rails
- Purl
- pkg:gem/rails