The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2021-02-11T16:12:34

Updated: 2024-08-03T18:58:24.786Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22881

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-11T18:15:17.460

Modified: 2024-11-21T05:50:49.740

Link: CVE-2021-22881

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-02-11T00:00:00Z

Links: CVE-2021-22881 - Bugzilla