VYPR

Clearance

by Thoughtbot

gem: clearance

Source repositories

CVEs (1)

  • CVE-2021-23435Sep 12, 2021
    risk 0.00cvss epss 0.01

    This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external…