MEDIUM
GHSA-jmgf-p46x-982h
rails is vulnerable to CRLF injection
상세
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2008-5189 [ADVISORY]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml [WEB]
- http://github.com/rails/rails [PACKAGE]
- http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html [WEB]
- http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing [WEB]
- http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk [WEB]