The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
References
| Link | Resource |
|---|---|
| https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867 | Mitigation Patch Vendor Advisory |
| https://hackerone.com/reports/1148025 | Permissions Required Third Party Advisory |
| https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867 | Mitigation Patch Vendor Advisory |
| https://hackerone.com/reports/1148025 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867 - Mitigation, Patch, Vendor Advisory | |
| References | () https://hackerone.com/reports/1148025 - Permissions Required, Third Party Advisory |
Information
Published : 2021-06-11 16:15
Updated : 2024-11-21 05:50
NVD link : CVE-2021-22903
Mitre link : CVE-2021-22903
CVE.ORG link : CVE-2021-22903
JSON object : View
Products Affected
rubyonrails
- rails
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')