Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirect
Vulnerability Description
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Vulnerability Type
N/A
Vulnerability Title
Github Clearance 输入验证错误漏洞
Vulnerability Description
Github Clearance是使用电子邮件和密码进行 Rails 身份验证。 clearance 存在输入验证错误漏洞,该漏洞源于用于 return_to 的值包含多个前导斜杠 (//////example.com),则用户最终会被重定向到斜杠之后的外部域 (http://example.com)。
CVSS Information
N/A
Vulnerability Type
N/A