CVEs-PoC/2021/CVE-2021-23435.md
2024-05-25 21:48:12 +02:00


### [CVE-2021-23435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23435)
![](https://img.shields.io/static/v1?label=Product&message=clearance&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%202.5.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Open%20Redirect&color=brighgreen)
### Description
This affects the package clearance before 2.5.0. The vulnerability is exploitable when users are able to set the value of `session[:return_to]`. If the value used for return_to contains multiple leading slashes (`/////example.com`), the user is redirected to the external domain that follows the slashes (`http://example.com`).
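
The check below is an added example, not code from clearance or from this repository: a hypothetical `safe_return_path` helper that collapses leading slashes in an untrusted return_to value before it is used as a redirect target. The helper name, the `FALLBACK` path and the sample inputs are assumptions made for illustration.

```ruby
require "uri"

FALLBACK = "/" # assumed default landing path (hypothetical)

# Hypothetical helper: reduce an untrusted return_to value to a same-site path.
def safe_return_path(value, fallback = FALLBACK)
  value = value.to_s
  return fallback unless value.valid_encoding?
  # Allow-list: must start with "/" and contain only printable ASCII,
  # with no whitespace and no backslash.
  return fallback unless value.match?(%r{\A/[\x21-\x5B\x5D-\x7E]*\z})

  # Collapse the run of leading slashes so the first path segment can
  # never be read as a host ("/////example.com" -> "/example.com").
  collapsed = value.sub(%r{\A/+}, "/")

  uri = URI.parse(collapsed)
  # Defence in depth: after collapsing there must be no scheme or host.
  return fallback if uri.scheme || !uri.host.to_s.empty?

  # Rebuild the target from parsed components only.
  result = uri.path
  result += "?#{uri.query}" if uri.query
  result += "##{uri.fragment}" if uri.fragment
  result
rescue URI::InvalidURIError
  fallback
end

if __FILE__ == $0
  # Constructed sample inputs; the first is the value from the description.
  samples = [
    "/////example.com",
    "/dashboard?tab=1#top",
    "http://example.com",
    nil
  ]
  samples.each do |s|
    puts "#{s.inspect} -> #{safe_return_path(s).inspect}"
  end
end
```

The redirect then stays on the application's own host because the stored value is reduced to a path with a single leading slash.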
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/Kirill89/Kirill89