CVE-2008-5189 – rails

Package

Manager: gem
Name: rails
Vulnerable Version: >=0 <2.0.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00189 pctl0.40971

Details

rails is vulnerable to CRLF injection CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Metadata

Created: 2017-10-24T18:33:38Z
Modified: 2025-04-09T16:49:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-jmgf-p46x-982h/GHSA-jmgf-p46x-982h.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-jmgf-p46x-982h
Finding: F007
Auto approve: 1