Published: 10/01/2022 Updated: 08/02/2024

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an malicious user to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rubyonrails rails 7.0.0
rubyonrails rails 6.1.4.2
rubyonrails rails 6.0.4.2

Debian Bug report logs - #1001817 rails: CVE-2021-44528: Possible Open Redirect in Host Authorization Middleware Package: src:rails; Maintainer for src:rails is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 16 Dec 2021 22:03:02 ...

Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect For the stable distribution (bullseye), these problems have been fixed in version 2:6037+dfsg-2+deb11u1 We recommend that you upgrade your rails packages For the detailed sec ...

CWE-601 https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 https://www.debian.org/security/2023/dsa-5372 https://security.netapp.com/advisory/ntap-20240208-0003/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817 https://www.debian.org/security/2023/dsa-5372 https://nvd.nist.gov

CVE-2021-44528

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect