CVE-2021-22942

CWE-601 Open Redirect | 9 documents | 7 sources
Severity: 6.1 MEDIUM
EPSS: 0.5% (top 32.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 18; Latest update Dec 14

Description

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Exploitability: 2.8 | Impact: 2.7)

Affected Packages (4 packages)

Source     | Package                          | Affected from | Fixed in
RubyGems   | actionpack                       | 6.0.0         | 6.0.4.1 (+1)
NVD        | rubyonrails/rails                | 6.0.0         | 6.0.4.1 (+1)
Debian     | rails                            | < 2:6.0.3.7+dfsg-2+deb11u1 (+3)
CVEList V5 | https://github.com/rails/rails   |               | 6.1.4.1, 6.0.4.1

Patches

🔴 Vulnerability Details (5)

GHSA: actionpack Open Redirect in Host Authorization Middleware (2021-12-14)
OSV: CVE-2021-22942: A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6 (2021-10-18)
CVEList: CVE-2021-22942: A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6 (2021-10-18)
OSV: Open Redirect in ActionPack (2021-08-26)
GHSA: Open Redirect in ActionPack (2021-08-26)

📋 Vendor Advisories (2)

Red Hat: rubygem-actionpack: possible open redirect in the Host Authorization middleware (2021-08-20)
Debian: CVE-2021-22942: rails - A possible open redirect vulnerability in the Host Authorization middleware in A... (2021)

💬 Community (1)

HackerOne: The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values (2021-11-18)