CVE-2008-5189

N/A Unknown

Published: November 21, 2008 Modified: April 23, 2026

Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

Source: cve@mitre.org

http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing

Source: cve@mitre.org

Vendor Advisory

http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk

Source: cve@mitre.org

http://www.securityfocus.com/bid/32359

Source: cve@mitre.org

Patch

http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d