A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
References
Configurations
Configuration 1 (hide)
|
History
08 Feb 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Mar 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jan 2022, 15:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rubyonrails:rails:6.0.4.2:*:*:*:*:*:*:* cpe:2.3:a:rubyonrails:rails:6.1.4.2:*:*:*:*:*:*:* cpe:2.3:a:rubyonrails:rails:7.0.0:rc2:*:*:*:*:*:* |
|
References | (MISC) https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 - Patch, Third Party Advisory | |
CWE | CWE-601 | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.1 |
10 Jan 2022, 14:14
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-10 14:10
Updated : 2024-02-08 10:15
NVD link : CVE-2021-44528
Mitre link : CVE-2021-44528
CVE.ORG link : CVE-2021-44528
JSON object : View
Products Affected
rubyonrails
- rails
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')