There is a possible information disclosure/unintended method execution vulnerability in Action Pack prior to 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when using the "redirect_to" or "polymorphic_url" helper with untrusted user input.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubyonrails rails |
||
rubyonrails actionpack page-caching - |
||
debian debian linux 10.0 |