CVE-2021-22903
gem/rails
URL Redirection to Untrusted Site (Open Redirect)
This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain allowed host formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
All versions starting from 6.1.0 up to 6.1.3.2
Upgrade to version 6.1.4 or above.
2021-05-12