CVE-2021-22903
published 2021-06-11CVE-2021-22903: The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| actionpack_project | actionpack | >= 6.1.0.rc2 < 6.1.3.2 | 6.1.3.2 |
| debian | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | >= 6.1.1 < 6.1.3.2 | 6.1.3.2 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ghsa6.1MEDIUM
osv6.1MEDIUM