CVE-2021-22885 Information
Jun 07, 2022
cve
Description
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_urlhelper with untrusted user input.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://hackerone.com/reports/1106652 https://www.debian.org/security/2021/dsa-4929 https://security.netapp.com/advisory/ntap-20210805-0009/ A possible information disclosure / unintended method execution vulnerability in Action Pack
= 2.0.0 when using the
redirect_toorpolymorphic_urlhelper with untrusted user input.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: