CVE-2021-44528
10.01.2022, 14:10
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 6.0.4.2 |
| rubyonrails | rails | 6.1.4.2 |
| rubyonrails | rails | 7.0.0:rc2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||||||
| rails-4.0 |
| ||||||||||||||||||||||
| ruby-actionpack-3.2 |
| ||||||||||||||||||||||
| ruby-activemodel-3.2 |
| ||||||||||||||||||||||
| ruby-activerecord-3.2 |
| ||||||||||||||||||||||
| ruby-activesupport-3.2 |
| ||||||||||||||||||||||
| ruby-rails-3.2 |
|
Common Weakness Enumeration
References