admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-12 21:00:58 +00:00
parent 65e33bb7b5
commit 83f3fd7350
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2021/23xxx/CVE-2021-23435.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284",
"name": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/clearance/pull/945"
"refsource": "MISC",
"url": "https://github.com/thoughtbot/clearance/pull/945",
"name": "https://github.com/thoughtbot/clearance/pull/945"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package clearance before 2.5.0.\n The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).\n"
"value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."
}
]
},