admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-283xx/CVE-2023-28362.json
cad-safe-bot a3043036d0 Auto-Update: 2025-01-12T03:00:19.531309+00:00
2025-01-12 03:03:49 +00:00

72 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-28362",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-01-09T01:15:07.750",
"lastModified": "2025-01-09T22:15:26.737",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header."
},
{
"lang": "es",
"value": "El m\u00e9todo redirect_to method in Rails permite que los valores proporcionados contengan caracteres que no son legales en un valor de encabezado HTTP. Esto genera la posibilidad de que los servicios posteriores que aplican el cumplimiento de RFC en los encabezados de respuesta HTTP eliminen el encabezado de ubicaci\u00f3n asignado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132",
"source": "support@hackerone.com"
},
{
"url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf",
"source": "support@hackerone.com"
},
{
"url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441",
"source": "support@hackerone.com"
},
{
"url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5",
"source": "support@hackerone.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink