rails is vulnerable to CRLF injection · CVE-2008-5189 · GitHub Advisory Database · GitHub

rails is vulnerable to CRLF injection

Moderate severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated May 11, 2023

Package

rails (RubyGems)

Affected versions

< 2.0.5

Patched versions

2.0.5

Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

References

Published to the GitHub Advisory Database Oct 24, 2017

Reviewed Jun 16, 2020

Last updated May 11, 2023