Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-44528

CWE-601 — Open Redirect8 documents7 sources

Severity

6.1MEDIUM

EPSS

25.1%

top 3.82%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Https: /github.com/rails/rails Rubyonrails Rails

Timeline

PublishedJan 10

Description

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶RubyGemsactionpack6.0.0 — 6.0.4.2+1

▶Debianrails< 2:6.0.3.7+dfsg-2+deb11u1+3

▶NVDrubyonrails/rails6.0.4.2, 6.1.4.2, 7.0.0+2

▶CVEListV5https://github.com/rails/rails6.1.4.2, 6.0.4.2, 7.0.0.rc2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2021-44528: A open redirect vulnerability exists in Action Pack >= 6↗2022-01-10

▶

CVEList

CVE-2021-44528: A open redirect vulnerability exists in Action Pack >= 6↗2022-01-07

▶

OSV

actionpack Open Redirect in Host Authorization Middleware↗2021-12-14

▶

GHSA

actionpack Open Redirect in Host Authorization Middleware↗2021-12-14

▶

💥Exploits & PoCs

Nuclei

Open Redirect in Host Authorization Middleware

▶

📋Vendor Advisories

Red Hat

rubygem-actionpack: specially crafted "X-Forwarded-Host" headers may lead to open redirect↗2021-12-14

▶

Debian

CVE-2021-44528: rails - A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an...↗2021

▶