UBUNTU-CVE-2023-28362

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-28362

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-28362.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-28362

Related

CVE-2023-28362

Published

2025-01-09T01:15:00Z

Modified

2025-01-17T08:21:51Z

Summary

[none]

Details

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

References

Affected packages

Ubuntu:Pro:16.04:LTS / rails

Package

Name: rails
Purl: pkg:deb/ubuntu/rails@2:4.2.6-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:4.*

2:4.1.10-1

2:4.2.5-1

2:4.2.5.1-1

2:4.2.5.2-2

2:4.2.6-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / rails

Package

Name: rails
Purl: pkg:deb/ubuntu/rails@2:4.2.10-0ubuntu4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:4.*

2:4.2.9-2

2:4.2.9-4

2:4.2.10-0ubuntu4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / rails

Package

Name: rails
Purl: pkg:deb/ubuntu/rails@2:5.2.3+dfsg-3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:5.*

2:5.2.2.1+dfsg-1ubuntu1

2:5.2.3+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / rails

Package

Name: rails
Purl: pkg:deb/ubuntu/rails@2:6.1.4.1+dfsg-8ubuntu2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:6.*

2:6.0.3.7+dfsg-2

2:6.1.4.1+dfsg-8ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / rails

Package

Name: rails
Purl: pkg:deb/ubuntu/rails@2:6.1.7.3+dfsg-3?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:6.*

2:6.1.7.3+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / rails

Package

Name: rails
Purl: pkg:deb/ubuntu/rails@2:6.1.7.3+dfsg-3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:6.*

2:6.1.7.3+dfsg-2build1

2:6.1.7.3+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}