Description
Rails 7.0.4.1 fixes an open redirect vulnerability in the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However, an attacker could bypass the check that was introduced with a carefully crafted URL, resulting in an open redirect.
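An added example, not part of the original advisory or of Rails itself: an application-side check that validates an untrusted redirect target before it reaches redirect_to, so the application does not rely on the framework check alone. The helper name, the host allowlist and the sample inputs are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical allowlist for this example; not taken from the advisory.
ALLOWED_REDIRECT_HOSTS = %w[app.example.com].freeze

# Returns a target that is safe to pass to redirect_to, or +fallback+ when
# the untrusted value fails any check. Hypothetical helper, not a Rails API.
def safe_redirect_target(raw, allowed_hosts: ALLOWED_REDIRECT_HOSTS, fallback: "/")
  return fallback unless raw.is_a?(String) && raw.valid_encoding? && !raw.empty?
  # Control characters, whitespace and backslashes are read differently by
  # browsers and by URI libraries, so refuse them instead of normalising.
  return fallback if raw.match?(/[\x00-\x20\x7f\\]/)
  # "//host/path" is a scheme-relative URL and leaves the site.
  return fallback if raw.start_with?("//")

  uri = begin
    URI.parse(raw)
  rescue URI::InvalidURIError
    return fallback
  end

  if uri.scheme.nil? && uri.host.nil?
    # Same-site reference: accept only an absolute path.
    return raw.start_with?("/") ? uri.to_s : fallback
  end

  scheme_ok = %w[http https].include?(uri.scheme.to_s.downcase)
  host_ok   = allowed_hosts.include?(uri.host.to_s.downcase)
  # Userinfo ("user@host") can make a foreign host look like a trusted one.
  scheme_ok && host_ok && uri.userinfo.nil? ? uri.to_s : fallback
end

# Constructed sample inputs: generic cases, not the crafted URL from the advisory.
SAMPLE_TARGETS = [
  "/dashboard?tab=1",
  "https://app.example.com/account",
  "//other.example/x",
  "https://other.example/",
  "https://app.example.com@other.example/",
  "ftp://app.example.com/"
].freeze

# Maps each sample to the target that would actually be used.
def evaluate_samples
  SAMPLE_TARGETS.to_h { |t| [t, safe_redirect_target(t)] }
end

evaluate_samples.each { |input, out| puts "#{input.inspect} -> #{out.inspect}" } if $PROGRAM_NAME == __FILE__
```

In a controller this would be called as `redirect_to safe_redirect_target(params[:return_to])`, where `return_to` is a hypothetical parameter name.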
Remediation
References