CVE-2021-44528

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rubyonrails:rails:6.0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:7.0.0:rc2:*:*:*:*:*:*

History

08 Feb 2024, 10:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240208-0003/ -

14 Mar 2023, 08:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5372 -

14 Jan 2022, 15:09

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 5.8
v3 : 6.1
CPE cpe:2.3:a:rubyonrails:rails:6.0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:7.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:6.1.4.2:*:*:*:*:*:*:*
References (MISC) https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 - (MISC) https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 - Patch, Third Party Advisory
First Time Rubyonrails rails
Rubyonrails
CWE CWE-601

10 Jan 2022, 14:14

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-10 14:10

Updated : 2024-02-08 10:15


NVD link : CVE-2021-44528

Mitre link : CVE-2021-44528

CVE.ORG link : CVE-2021-44528


JSON object : View

Products Affected

rubyonrails

  • rails
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')