Published: 18/10/2021 Updated: 02/02/2024

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow malicious users to redirect users to a malicious website.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rubyonrails rails

Debian Bug report logs - #992586 rails: CVE-2021-22942: Possible Open Redirect in Host Authorization Middleware Package: src:rails; Maintainer for src:rails is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 20 Aug 2021 14:24:02 U ...

Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect For the stable distribution (bullseye), these problems have been fixed in version 2:6037+dfsg-2+deb11u1 We recommend that you upgrade your rails packages For the detailed sec ...

No description is available for this CVE ...

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 600 before versions 6141 and 6041 that could allow attackers to redirect users to a malicious website ...

CWE-601 https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/http://www.openwall.com/lists/oss-security/2021/12/14/5 https://www.debian.org/security/2023/dsa-5372 https://security.netapp.com/advisory/ntap-20240202-0005/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586 https://www.debian.org/security/2023/dsa-5372 https://nvd.nist.gov

CVE-2021-22942

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect