---

CVE-2021-22885 - log back

CVE-2021-22885 edited at 27 May 2021 14:04:46
References	https://www.openwall.com/lists/oss-security/2021/05/05/3 + https://hackerone.com/reports/1106652

CVE-2021-22885 edited at 05 May 2021 16:54:15
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when using the "redirect_to" or "polymorphic_url" helper with untrusted user input.
References	+ https://www.openwall.com/lists/oss-security/2021/05/05/3

CVE-2021-22885 created at 05 May 2021 16:51:45
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes