CVE-2021-22903
N/A
N/A
Summary
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, config.hosts << "sub.example.com" to permit a request with a Host header value of sub-example.com.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | https://github.com/rails/rails | Fixed in 6.1.3.2 | affected |
Weaknesses
- CWE-601: Open Redirect (CWE-601)
ADP Enrichment
CVE Program Container
Additional References
- https://hackerone.com/reports/1148025
- https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
References
- https://hackerone.com/reports/1148025
- https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.