The Host Authorization middleware in Action Pack before 6.0.3.5, 6.1.2.1 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications are those whose allowed hosts include an entry with a leading dot (for example `.example.com`, meaning the domain and any subdomain): when an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
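As an added illustration of the leading-dot problem the advisory describes (this is a simplified matcher written for this page, not Rails's own code): a permissive pattern accepts any prefix before the dot, so a `Host` value containing characters that can never appear in a real hostname still "matches" the allowed domain, while a matcher that only accepts valid DNS labels rejects it. The `Host` values below are constructed samples.

```ruby
# Two ways of honouring an allowed host written with a leading dot,
# e.g. ".example.com" meaning "example.com and any subdomain".
# Illustrative only; not the Action Pack implementation.

# Permissive: any non-empty prefix ending in "." is accepted, including
# characters that are not legal in a hostname.
def permissive_pattern(allowed)
  base = Regexp.escape(allowed.delete_prefix('.'))
  /\A(.+\.)?#{base}\z/i
end

# Hardened: the prefix must be a sequence of valid DNS labels.
LABEL = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i

def strict_pattern(allowed)
  base = Regexp.escape(allowed.delete_prefix('.'))
  /\A(?:#{LABEL}\.)*#{base}\z/i
end

# Returns true when +host+ (an incoming Host header value) is permitted
# by +allowed_hosts+. Entries starting with "." also cover subdomains.
def host_allowed?(host, allowed_hosts, strict: true)
  hostname = host.sub(/:\d+\z/, '') # drop an optional port, e.g. ":3000"
  allowed_hosts.any? do |allowed|
    if allowed.start_with?('.')
      pattern = strict ? strict_pattern(allowed) : permissive_pattern(allowed)
      pattern.match?(hostname)
    else
      allowed.casecmp?(hostname)
    end
  end
end

ALLOWED = ['.example.com'].freeze

# Constructed sample Host header values and the verdict a hardened matcher gives.
SAMPLES = {
  'www.example.com'             => true,  # legitimate subdomain
  'example.com:3000'            => true,  # bare domain with port
  'attacker.test/#.example.com' => false, # not a syntactically valid hostname
  'notexample.com'              => false  # different registrable domain
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |host, expected|
    puts format('%-30s strict=%-5s permissive=%-5s (expected %s)',
                host, host_allowed?(host, ALLOWED),
                host_allowed?(host, ALLOWED, strict: false), expected)
  end
end
```

The permissive matcher reports the third sample as allowed, which is the behaviour a defender should test for when an allowed-host list contains leading-dot entries.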
Weakness: URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Exploits for CVE-2021-22881 are not publicly available.
Ruby on Rails: HostAuthorization middleware does not suitably sanitize the Host / X-Forwarded-For header allowing redirection.
submitted by tktech 2 months ago
publicly disclosed 18 days ago