Skip to content

rails is vulnerable to CRLF injection

Moderate severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated May 11, 2023

Package

bundler rails (RubyGems)

Affected versions

< 2.0.5

Patched versions

2.0.5

Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

References

Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated May 11, 2023

Severity

Moderate

EPSS score

0.212%
(60th percentile)

Weaknesses

CVE ID

CVE-2008-5189

GHSA ID

GHSA-jmgf-p46x-982h

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.