The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2021-02-11T16:12:34
Updated: 2024-08-03T18:58:24.786Z
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-22881
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-11T18:15:17.460
Modified: 2024-11-21T05:50:49.740
Link: CVE-2021-22881
Redhat