CVE-2021-22881

Vendor N/A
Product https://github.com/rails/rails
Weakness CWE-601 · Open redirect
Published February 11, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

Description

The Host Authorization middleware in Action Pack (Rails 6.0.x before 6.0.3.5 and 6.1.x before 6.1.2.1) suffers from an open redirect vulnerability. Specially crafted `Host` headers, in combination with certain "allowed host" formats, cause the middleware to accept a request whose host points at a malicious website, so that absolute URLs the application builds from that host (for example the `Location` of a redirect) send users there. Only applications whose allowed-host list contains an entry with a leading dot (the form that also matches subdomains, e.g. `.example.com`) are affected: with such an entry present, a specially crafted `Host` header passes the check and can be used to redirect users to a malicious website.
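To make the mechanism concrete, the following is an added Ruby model of how a leading-dot allowed host is turned into a host-matching pattern and why an over-broad pattern lets a crafted `Host` header through. It is not the Rails source and not part of the advisory: the `:loose` pattern, in which the subdomain part accepts any character, is an assumption standing in for the pre-fix behaviour the description implies, and the `:strict` pattern restricts subdomain labels to hostname characters. The allowed-host list, the crafted `Host` value and the `/login` path are constructed for the example.

```ruby
require "uri"

# Constructed allowed-host list standing in for an app's config.hosts
# (assumption for this example). ".example.com" is the leading-dot form
# the advisory names as the precondition.
ALLOWED_HOSTS = [".example.com", "api.example.com"].freeze

# Compile one allowed-host entry into a matcher. A leading dot means
# "this host and any subdomain of it". With :loose the subdomain part
# accepts ANY character (modelled assumption, not the Rails code); with
# :strict each subdomain label is limited to hostname characters.
def host_pattern(allowed, mode)
  return /\A#{Regexp.escape(allowed)}\z/i unless allowed.start_with?(".")

  suffix = Regexp.escape(allowed[1..-1])
  case mode
  when :loose  then /\A(.+\.)?#{suffix}\z/i
  when :strict then /\A([a-z0-9-]+\.)*#{suffix}\z/i
  else raise ArgumentError, "unknown mode #{mode.inspect}"
  end
end

# Authorization decision for a raw Host header value: drop an explicit
# port, then test the remainder against every allowed entry.
def host_allowed?(host_header, mode, allowed = ALLOWED_HOSTS)
  host = host_header.to_s.sub(/:\d+\z/, "")
  allowed.any? { |entry| host_pattern(entry, mode).match?(host) }
end

# Where a browser ends up when the app emits an absolute Location built
# from the request's Host header (what a relative redirect_to turns into).
# Only the host component is returned, since that decides the destination.
def redirect_target_host(host_header, path)
  URI.parse("http://#{host_header}#{path}").host
end

if $PROGRAM_NAME == __FILE__
  crafted = "attacker.test#.example.com"
  puts "loose  allows #{crafted}? #{host_allowed?(crafted, :loose)}"
  puts "strict allows #{crafted}? #{host_allowed?(crafted, :strict)}"
  puts "browser lands on: #{redirect_target_host(crafted, '/login')}"
end
```

The crafted value `attacker.test#.example.com` ends in `.example.com`, so the loose pattern accepts it, but once it is embedded in an absolute URL everything after `#` is a fragment and the browser connects to `attacker.test`. The strict pattern rejects it because `#` is not a hostname character, while `www.example.com:443`, `example.com` and `a.b.example.com` still pass and `evil-example.com` is still refused. To find the precondition in a running app, `Rails.application.config.hosts.grep(String).select { |h| h.start_with?(".") }` lists the leading-dot entries; upgrading to 6.0.3.5 or 6.1.2.1 is the fix regardless of what that returns.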

Key dates

Disclosure timeline

February 11, 2021 CVE published
August 3, 2024 Record updated