Open Redirect Vulnerability in Action Pack by Ruby on Rails
CVE-2021-22881

6.1MEDIUM

Key Information:

Vendor

Rubyonrails

Status
Https://github.com/rails/rails
Vendor
CVE Published:
11 February 2021

What is CVE-2021-22881?

The Host Authorization middleware in Action Pack prior to specified versions contains a vulnerability allowing an open redirect through specially manipulated Host headers. If an allowed host has a leading dot, an attacker can exploit this by crafting a request to redirect users to malicious sites, posing significant risks to web application users. This issue primarily affects applications that implement lax host validation, making it crucial for developers to audit their host authorization settings and apply updates to mitigate this risk.

Affected Version(s)

https://github.com/rails/rails Fixed in 6.1.2.1, 6.0.3.5

References

https://hackerone.com/reports/1047447
x_refsource_MISC
https://discuss.rubyonrails.org/t/cve-2021-22881-possible...
x_refsource_MISC
https://benjamin-bouchet.com/cve-2021-22881-faille-de-sec...
x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.