CVE-2021-22903

CVE-2021-22903

Vendor N/A
Product https://github.com/rails/rails
Weakness CWE-601 · Open redirect
Published June 11, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.

Key dates

02Disclosure timeline

June 11, 2021 CVE published
August 3, 2024 Record updated