Description: "A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input."
https://github.com/rails/rails/releases/tag/v5.2.4.6 https://github.com/rails/rails/releases/tag/v5.2.6 https://github.com/rails/rails/releases/tag/v6.0.3.7 https://github.com/rails/rails/releases/tag/v6.1.3.2 https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Fixed versions have been in the tree since May 7th. dev-ruby/rails-5.2.6 dev-ruby/rails-6.0.3.7 dev-ruby/rails-6.1.3.2
(In reply to Hans de Graaff from comment #2) > Fixed versions have been in the tree since May 7th. > > dev-ruby/rails-5.2.6 > dev-ruby/rails-6.0.3.7 > dev-ruby/rails-6.1.3.2 Thanks! Please cleanup then
Cleanup done.
Thanks! All done.