CVE-2021-22903

URL Redirection to Untrusted Site (Open Redirect) in gem/rails

Identifier

CVE-2021-22903

Package Slug

gem/rails

Vulnerability

URL Redirection to Untrusted Site (Open Redirect)

Description

This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain allowed host formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Affected Versions

All versions starting from 6.1.0.rc2 before 6.1.3.2

Solution

Upgrade to version 6.1.3.2 or above.
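As an added check (example code written for this entry, not from the advisory or from Rails itself), the script below scans a Gemfile.lock for the rails and actionpack gems and flags any whose version falls inside the affected range stated above, treating 6.1.0.rc2 as the first affected prerelease and 6.1.3.2 as fixed. The lockfile text embedded in it is a constructed sample; the Gemfile.lock layout it parses (spec lines indented four spaces under "specs:") is Bundler's standard format.

```ruby
# Constructed example: report rails/actionpack versions in a Gemfile.lock that
# fall inside the CVE-2021-22903 range (>= 6.1.0.rc2, < 6.1.3.2).
require "rubygems"

# actionpack carries the Host Authorization middleware; rails pins it.
AFFECTED_GEMS = %w[rails actionpack].freeze
AFFECTED_FROM = Gem::Version.new("6.1.0.rc2")
FIXED_IN      = Gem::Version.new("6.1.3.2")

# True when the version string falls inside the affected range. Gem::Version
# orders prereleases below the release, so "6.1.0.rc1" is correctly NOT
# affected while "6.1.0.rc2", "6.1.0" and "6.1.3.1" are.
def affected_version?(version)
  v = Gem::Version.new(version)
  v >= AFFECTED_FROM && v < FIXED_IN
end

# Parse Gemfile.lock text into { gem_name => version } for the resolved
# specs. Spec lines are indented exactly four spaces ("    rails (6.1.3.1)");
# deeper-indented dependency lines ("      actionpack (= 6.1.3.1)") are skipped.
def lockfile_versions(lock_text)
  versions = {}
  lock_text.each_line do |line|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    versions[m[1]] = m[2] if m
  end
  versions
end

# Returns [[gem, version], ...] for gems vulnerable to CVE-2021-22903.
def vulnerable_gems(lock_text)
  lockfile_versions(lock_text)
    .select { |name, ver| AFFECTED_GEMS.include?(name) && affected_version?(ver) }
    .to_a
end

# Constructed sample lockfile: rails 6.1.3.1 is inside the affected range.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.1.3.1)
        rack (~> 2.0, >= 2.0.9)
      rails (6.1.3.1)
        actionpack (= 6.1.3.1)
      rack (2.2.3)
LOCK

path = ARGV.first
text = path && File.exist?(path) ? File.read(path) : SAMPLE_LOCK
vulnerable_gems(text).each { |name, ver| puts "#{name} #{ver}: affected, upgrade to #{FIXED_IN}" }
```

Run it with the path to a real Gemfile.lock as the first argument; with no argument it reports on the embedded sample.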

Last Modified

2021-05-12
