CVE-2021-22885

Name	CVE-2021-22885
Description	A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2655-1, DSA-4929-1, ELA-425-1
Debian Bugs	988214

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
rails (PTS)	jessie, jessie (lts)	2:4.1.8-1+deb8u9	fixed
	stretch (security), stretch (lts), stretch	2:4.2.7.1-1+deb9u5	fixed
	buster	2:5.2.2.1+dfsg-1+deb10u3	fixed
	buster (security)	2:5.2.2.1+dfsg-1+deb10u5	fixed
	bullseye (security), bullseye	2:6.0.3.7+dfsg-2+deb11u2	fixed
	bookworm	2:6.1.7.3+dfsg-1	fixed
	sid, trixie	2:6.1.7.3+dfsg-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
rails	source	jessie	2:4.1.8-1+deb8u9	ELA-425-1
rails	source	stretch	2:4.2.7.1-1+deb9u5	DLA-2655-1
rails	source	buster	2:5.2.2.1+dfsg-1+deb10u3	DSA-4929-1
rails	source	(unstable)	2:6.0.3.7+dfsg-1		988214

Notes

https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)