Vulnerabilities (CVE)

Filtered by vendor Thoughtbot Subscribe
Filtered by product Clearance
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23435 1 Thoughtbot 1 Clearance 2024-11-21 5.8 MEDIUM 7.6 HIGH
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).