VYPR

RubyGems package

clearance

pkg:gem/clearance

Vulnerabilities (1)

  • CVE-2021-23435Sep 12, 2021
    affected < 2.5.0fixed 2.5.0

    This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external d