URL Redirection to Untrusted Site (Open Redirect) in gem/rails
URL Redirection to Untrusted Site (Open Redirect)
This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain allowed host formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
All versions starting from 6.1.0.rc2 before 184.108.40.206
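A defensive illustration of the Host header matching discussed above, as an added example that is not Rails' or Action Pack's own code: it parses the header strictly and compares it case-insensitively against an allowlist, so anything that is not a plain hostname is rejected rather than used to build a redirect. The allowlist entries, the leading-dot convention (domain plus subdomains) and the names `normalize_host` and `host_allowed?` are assumptions made for this example.

```ruby
# Added example: strict Host header allowlist check. Not Rails' own code.
# Constructed allowlist; a leading dot is assumed to mean "domain and subdomains".
ALLOWED_HOSTS = [".EXAMPLE.com", "admin.example.org"].freeze

LABEL    = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/
HOSTNAME = /\A#{LABEL}(?:\.#{LABEL})*\z/

# Parse "host[:port]" from the header. Returns the lower-cased host, or nil
# when anything outside hostname syntax is present (IPv6 literals unsupported).
def normalize_host(header)
  return nil unless header.is_a?(String)
  host, port = header.downcase.split(":", 2)
  return nil if host.nil? || host.empty?
  return nil if port && port !~ /\A\d{1,5}\z/
  host = host.chomp(".") # tolerate a single trailing root dot
  HOSTNAME.match?(host) ? host : nil
end

# True only when the parsed host equals an entry, or (for leading-dot entries)
# equals the base domain or ends with ".<base domain>".
def host_allowed?(header, allowed = ALLOWED_HOSTS)
  host = normalize_host(header)
  return false if host.nil?
  allowed.any? do |entry|
    entry = entry.downcase # compare case-insensitively on both sides
    if entry.start_with?(".")
      host == entry[1..-1] || host.end_with?(entry)
    else
      host == entry
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample headers: valid, look-alike and malformed values.
  samples = ["sub.example.com", "EXAMPLE.COM:443", "example.com.",
             "notexample.com", "example.com.attacker.test",
             "sub.example.com/path", "admin.example.org"]
  samples.each { |h| puts "#{h.inspect} => #{host_allowed?(h) ? 'allow' : 'reject (403)'}" }
end
```

A request whose header fails this check should receive an error response; any redirect target should come from configuration, never from the header value.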