CVE-2021-22885 in Ruby on Rails and Debian Products
Published on May 27, 2021

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

Vendor Advisory NVD

Weakness Type

Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

Products Associated with CVE-2021-22885

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-22885 are published in these products:

Ruby on Rails Rails

Ruby on Rails Actionpack Page Caching

Debian Linux

Exploit Probability

EPSS

2.07%

Percentile

83.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-22885 in Ruby on Rails and Debian ProductsPublished on May 27, 2021

Weakness Type

Generation of Error Message Containing Sensitive Information

Products Associated with CVE-2021-22885

Exploit Probability

CVE-2021-22885 in Ruby on Rails and Debian Products
Published on May 27, 2021