QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-22881

Back to search

CVE-2021-22881

Published: Feb 11, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

VendorProductVersions

n/a

https://github.com/rails/rails

affected
Fixed in 6.1.2.1, 6.0.3.5

Weaknesses (CWE)

CWE-601

References

FEDORA-2021-b571fca1b8
vendor-advisory
x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now