Open Redirect Vulnerability in Action Pack by Ruby on Rails
CVE-2021-22942

6.1 MEDIUM

Key Information:

Vendor
CVE Published:
18 October 2021

What is CVE-2021-22942?

A vulnerability has been identified in the Host Authorization middleware of Action Pack, which is part of the Ruby on Rails framework. This open redirect issue could allow attackers to redirect users to malicious websites, exposing them to phishing and other threats. Developers using affected versions of Action Pack are advised to apply the necessary security patches and review their applications for abnormal redirect behavior.

Affected Version(s)

https://github.com/rails/rails 6.1.4.1, 6.0.4.1

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
