CVE-2021-44528

Summary

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/rails6.1.4.2, 6.0.4.2, 7.0.0.rc2affected

Weaknesses

  • CWE-601: Open Redirect (CWE-601)

ADP Enrichment

CVE Program Container

Additional References

References