CVE Record: CVE-2021-22881

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

CWE 1 Total

CWE-601: Open Redirect (CWE-601)

Product Status

Versions 1 Total

Default Status: unknown

affected

References 7 Total

Updated: 2024-08-03

This container includes required additional information provided by the CVE Program for this vulnerability.

References 7 Total

https://hackerone.com/reports/1047447
external site
x_transferred
https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
external site
x_transferred
https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/
external site
x_transferred
lists.fedoraproject.org: FEDORA-2021-b571fca1b8
external site
vendor-advisoryx_transferred
openwall.com: [oss-security] 20210505 [CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack
external site
mailing-listx_transferred
openwall.com: [oss-security] 20210819 [CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware
external site
mailing-listx_transferred
openwall.com: [oss-security] 20211214 [CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware
external site
mailing-listx_transferred