CVE-2021-44528

URL Redirection to Untrusted Site ('Open Redirect') in gem/rails

Identifiers

CVE-2021-44528

Package Slug

gem/rails

Vulnerability

URL Redirection to Untrusted Site ('Open Redirect')

Description

An open redirect vulnerability exists in Action Pack. A crafted X-Forwarded-Host header, in combination with certain allowed host formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Affected Versions

All versions from 6.0.4.2 up to and including 6.1.4.2, and version 7.0.0

Solution

Upgrade to versions 6.1.4.3, 7.0.1 or above.
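As an added example (not part of this advisory or the Rails project), a Ruby check that reads the locked `rails` version from a Gemfile.lock and compares it against the affected ranges listed above using RubyGems' own version comparison; the lockfile fragment below is constructed for illustration.

```ruby
require "rubygems"

# Affected ranges taken from this advisory:
# 6.0.4.2 <= version <= 6.1.4.2, and exactly 7.0.0.
AFFECTED_RANGES = [
  Gem::Requirement.new(">= 6.0.4.2", "<= 6.1.4.2"),
  Gem::Requirement.new("= 7.0.0"),
].freeze

# True when the given rails version string falls inside an affected range.
# Gem::Version handles multi-segment versions correctly (6.1.4.10 > 6.1.4.2).
def affected_by_cve_2021_44528?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(v) }
end

# Extracts the locked top-level "rails" version from Gemfile.lock text.
# Top-level specs are indented by exactly four spaces; dependency lines
# (six spaces, "(= x.y.z)") are deliberately not matched. Returns nil if absent.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \((\d+(?:\.\d+)*)\)\s*$/)
  m && m[1]
end

# Returns :affected, :not_affected or :rails_not_found for a lockfile's contents.
def check_lockfile(lockfile_text)
  version = locked_rails_version(lockfile_text)
  return :rails_not_found if version.nil?
  affected_by_cve_2021_44528?(version) ? :affected : :not_affected
end

# Constructed Gemfile.lock fragment (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.1.4.1)
      rails (6.1.4.1)
        actionpack (= 6.1.4.1)
      railties (6.1.4.1)
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "rails #{locked_rails_version(SAMPLE_LOCKFILE)}: #{check_lockfile(SAMPLE_LOCKFILE)}"
end
```

To check a real project, pass `File.read("Gemfile.lock")` to `check_lockfile`.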

Last Modified

2022-01-16
