Home
» GitHub Advisories
» GHSA-jmgf-p46x-982h
Description
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
Basic information
Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
—
Source code
Browse source ↗
Published (advisory)
2017-10-24 18:33:38 UTC
Updated
2025-04-09 16:49:46 UTC
GitHub reviewed
2020-06-16 21:43:46 UTC
NVD published
2008-11-21
EPSS Score
Score
Percentile
0.17%
38.46%
CVSS Scores
No CVSS scores in this advisory.
CWEs
CWE id
Name
CWE-352
Cross-Site Request Forgery (CSRF)
Affected packages (1)
Vulnerable version ranges and first patched releases as published by GitHub.
Ecosystem
Package
Vulnerable range
First patched
Vulnerable functions
rubygems
rails
< 2.0.5
2.0.5
—
cvelogic
Threat Intelligence