Medium severity 4.0 · OSV Advisory · Published Jan 9, 2025 · Updated Apr 15, 2026

CVE-2023-28362

Description

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
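
A standalone check for the condition described above, as an added example that is not Rails' own code or its patch. The function names and sample values are hypothetical, and the set of legal bytes is assumed to be the header field-value grammar of RFC 7230 section 3.2.

```ruby
# Added example, not Rails' code. Legal header-value bytes per RFC 7230
# section 3.2: HTAB, SP, visible ASCII (0x21-0x7E) and obs-text (0x80-0xFF).
class IllegalLocationError < StandardError; end

# Returns [[byte_offset, byte], ...] for each byte that is not legal in an
# HTTP header value. An empty array means the value is safe to emit.
def illegal_header_bytes(value)
  found = []
  value.to_s.each_byte.with_index do |byte, offset|
    legal = byte == 0x09 || (byte >= 0x20 && byte != 0x7F)
    found << [offset, byte] unless legal
  end
  found
end

# Hypothetical guard: call on a redirect target before passing it to
# redirect_to, so a bad value fails loudly in the application instead of
# the Location header being dropped silently further downstream.
def checked_location(value)
  bad = illegal_header_bytes(value)
  return value.to_s if bad.empty?

  detail = bad.map { |offset, byte| format("0x%02X at byte %d", byte, offset) }
  raise IllegalLocationError,
        "redirect target contains illegal header bytes: #{detail.join(', ')}"
end

# Constructed sample values (not taken from the advisory).
SAMPLES = {
  "plain"    => "https://example.com/account?tab=1",
  "tab"      => "/path\twith-tab",
  "newline"  => "https://example.com/a\nb",
  "nul"      => "/next\x00",
  "delete"   => "/next\x7F",
}.freeze

# Maps each sample name to the illegal bytes found in it.
def audit(samples)
  samples.transform_values { |value| illegal_header_bytes(value) }
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLES).each do |name, bad|
    puts format("%-8s %s", name, bad.empty? ? "ok" : bad.inspect)
  end
end
```

Upgrading actionpack to a patched version remains the fix; a check like this is useful for auditing logged redirect targets or as a stopgap on versions that cannot be upgraded yet.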

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package (ecosystem) | Affected versions | Patched versions |
|---|---|---|
| actionpack (RubyGems) | < 6.1.7.4 | 6.1.7.4 |
| actionpack (RubyGems) | >= 7.0.0, < 7.0.5.1 | 7.0.5.1 |
