There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when using the "redirect_to" or "polymorphic_url" helper with untrusted user input.
There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when using the "redirect_to" or "polymorphic_url" helper with untrusted user input.
https://www.openwall.com/lists/oss-security/2021/05/05/3