Moderate severityNVD Advisory· Published Feb 9, 2023· Updated Mar 24, 2025
CVE-2023-22797
CVE-2023-22797
Description
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
actionpackRubyGems | >= 7.0.0, < 7.0.4.1 | 7.0.4.1 |
Affected products
3- ghsa-coords2 versions
>= 7.0.0, < 7.0.4.1+ 1 more
- (no CPE)range: >= 7.0.0, < 7.0.4.1
- (no CPE)range: < 7.0.4.1-1.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-9445-4cr6-336rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-22797ghsaADVISORY
- discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127ghsaWEB
- github.com/rails/rails/releases/tag/v7.0.4.1ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.ymlghsaWEB
News mentions
0No linked articles in our index yet.