CVE-2021-22903: Open Redirect in Project Actionpack

CWE-601 Open Redirect | 7 documents | 6 sources

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 64.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 11

Description

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a
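To make the escaping defect in the description concrete, the following Ruby snippet (an added example, not Rails code or anything from cvebase) builds a host matcher the unsafe way and the escaped way, reports which of them accepts a given Host header value, and audits an allow-list for entries that the description says are affected (no leading dot, contain regex metacharacters). The helper names and the host values are constructed for the illustration.

```ruby
# Added example illustrating CVE-2021-22903's root cause. The helper names
# are hypothetical and the host strings are constructed; this is not the
# Rails Host Authorization middleware.

# Unsafe: the allowed host is interpolated into a Regexp unchanged, so the
# "." in "sub.example.com" acts as a wildcard matching any single character.
def unescaped_host_matcher(allowed_host)
  /\A#{allowed_host}\z/i
end

# Safe: Regexp.escape turns "." into "\." so only a literal dot matches.
def escaped_host_matcher(allowed_host)
  /\A#{Regexp.escape(allowed_host)}\z/i
end

# Return whether each matcher would accept the candidate Host header value.
def host_allowed?(allowed_host, candidate)
  {
    unescaped: unescaped_host_matcher(allowed_host).match?(candidate),
    escaped:   escaped_host_matcher(allowed_host).match?(candidate),
  }
end

# Audit helper: entries without a leading dot whose meaning changes when
# treated as a regex (i.e. Regexp.escape would alter them) are the ones the
# advisory describes as converted without proper escaping.
def unsafe_allowlist_entries(hosts)
  hosts.reject { |h| h.start_with?(".") }
       .select { |h| Regexp.escape(h) != h }
end

if __FILE__ == $PROGRAM_NAME
  allowed = "sub.example.com"
  ["sub.example.com", "sub-example.com"].each do |host|
    puts "#{host.ljust(18)} #{host_allowed?(allowed, host)}"
  end
  p unsafe_allowlist_entries(["sub.example.com", ".example.com", "localhost"])
end
```

Entries flagged by the audit helper should be rewritten with the leading-dot form or upgraded to a fixed actionpack release.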

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

Source | Package | Introduced in | Fixed in
RubyGems | actionpack_project/actionpack | 6.1.0.rc2 | 6.1.3.2
NVD | rubyonrails/rails | 6.1.1 | 6.1.3.2 (+1 more range)
CVEListV5 | https/github.com_rails_rails | - | Fixed in 6.1.3.2

Patches

Vulnerability Details (4)

OSV: CVE-2021-22903: The actionpack ruby gem before 6 (2021-06-11)
CVEList: CVE-2021-22903: The actionpack ruby gem before 6 (2021-06-11)
OSV: Possible Open Redirect Vulnerability in Action Pack (2021-05-05)
GHSA: Possible Open Redirect Vulnerability in Action Pack (2021-05-05)

Vendor Advisories (2)

Red Hat: rubygem-actionpack: Possible Open Redirect Vulnerability in Action Pack (2021-05-05)
Debian: CVE-2021-22903: rails - The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vul... (2021)
CVE-2021-22903 — Open Redirect in Project Actionpack | cvebase