CVE-2021-23435: URL Redirection to Untrusted Site (Open Redirect)

September 12, 2021 (updated September 23, 2021)

This affects the package clearance The vulnerability can be possible when users are able to set the value of session[:return_to].

References

nvd.nist.gov/vuln/detail/CVE-2021-23435

Code Behaviors & Features

Detect and mitigate CVE-2021-23435 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →