Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-QPHC-HF5Q-V8FC
HistoryDec 14, 2021 - 9:19 p.m.

actionpack Open Redirect in Host Authorization Middleware

2021-12-1421:19:08
CWE-601
GitHub Advisory Database
github.com
18

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

54.5%

JSON

Specially crafted “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Impacted applications will have allowed hosts with a leading dot. For example, configuration files that look like this:

config.hosts <<  '.EXAMPLE.com'

When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

This vulnerability is similar to CVE-2021-22881 and CVE-2021-22942.

Releases

The fixed releases are available at the normal locations.

Patches

To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

  • 6-0-host-authorzation-open-redirect.patch - Patch for 6.0 series
  • 6-1-host-authorzation-open-redirect.patch - Patch for 6.1 series
  • 7-0-host-authorzation-open-redirect.patch - Patch for 7.0 series

Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

CPENameOperatorVersion
actionpackle6.1.4.1
actionpackle6.0.4.1

Related

osv 10
github 3
hackerone 2
rubygems 4
veracode 3
prion 4
debiancve 4
cve 4
nuclei 1
redhatcve 3
ubuntucve 4
ibm 1
fedora 2
freebsd 1
nessus 3
openvas 3
debian 1
osv
osv
actionpack Open Redirect in Host Authorization Middleware
2021-12-14 21:19:08
Open Redirect in ActionPack
2021-08-26 20:36:51
BIT-rails-2021-44528
2024-03-06 11:03:24
github
github
Open Redirect in ActionPack
2021-08-26 20:36:51
Actionpack Open Redirect Vulnerability
2021-03-02 03:44:17
Possible Open Redirect Vulnerability in Action Pack
2021-05-05 19:48:29
hackerone
hackerone
Internet Bug Bounty: The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values
2021-10-19 18:33:36
Ruby on Rails: HostAuthorization middleware does not suitably sanitize the Host / X-Forwarded-For header allowing redirection.
2020-11-30 23:25:50
rubygems
rubygems
Possible Open Redirect in Host Authorization Middleware
2021-12-13 21:00:00
Possible Open Redirect in Host Authorization Middleware
2021-08-18 21:00:00
Possible Open Redirect in Host Authorization Middleware
2021-02-09 21:00:00
veracode
veracode
Open Redirect
2022-01-11 12:30:51
Open Redirect
2021-02-15 01:22:32
Open Redirection
2021-02-15 03:48:29
prion
prion
Open redirect
2022-01-10 14:10:00
Open redirect
2021-02-11 18:15:00
Open redirect
2021-10-18 13:15:00
debiancve
debiancve
CVE-2021-44528
2022-01-10 14:10:00
CVE-2021-22881
2021-02-11 18:15:00
CVE-2021-22942
2021-10-18 13:15:00
cve
cve
CVE-2021-44528
2022-01-10 14:10:00
CVE-2021-22881
2021-02-11 18:15:00
CVE-2021-22942
2021-10-18 13:15:00
nuclei
nuclei
Open Redirect in Host Authorization Middleware
2021-12-15 15:13:07
redhatcve
redhatcve
CVE-2021-44528
2021-12-20 15:14:27
CVE-2021-22881
2021-02-18 15:38:23
CVE-2021-22942
2021-08-20 09:28:34
ubuntucve
ubuntucve
CVE-2021-44528
2022-01-10 00:00:00
CVE-2021-22881
2021-02-11 00:00:00
CVE-2021-22942
2021-10-18 00:00:00
ibm
ibm
Security Bulletin: A security vulnerability in Ruby on Rails Action Pack affects IBM Cloud Pak for Multicloud Management Infrastructure Management
2021-11-09 18:17:54
fedora
fedora
[SECURITY] Fedora 33 Update: rubygem-activerecord-6.0.3.4-2.fc33
2021-03-12 20:30:33
[SECURITY] Fedora 33 Update: rubygem-actionpack-6.0.3.4-2.fc33
2021-03-12 20:30:33
freebsd
freebsd
Rails -- multiple vulnerabilities
2021-02-10 00:00:00
nessus
nessus
FreeBSD : Rails -- multiple vulnerabilities (8e670b85-706e-11eb-abb2-08002728f74c)
2021-02-18 00:00:00
Fedora 33 : 1:rubygem-actionpack / 1:rubygem-activerecord (2021-b571fca1b8)
2021-03-15 00:00:00
Debian DSA-5372-1 : rails - security update
2023-03-14 00:00:00
openvas
openvas
Fedora: Security Advisory for rubygem-actionpack (FEDORA-2021-b571fca1b8)
2021-03-13 00:00:00
Fedora: Security Advisory for rubygem-activerecord (FEDORA-2021-b571fca1b8)
2021-03-13 00:00:00
Debian: Security Advisory (DSA-5372-1)
2023-03-14 00:00:00
debian
debian
[SECURITY] [DSA 5372-1] rails security update
2023-03-13 03:06:47

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

54.5%

JSON
Related for GHSA-QPHC-HF5Q-V8FC
osv10github3hackerone2rubygems4veracode3prion4debiancve4cve4nuclei1redhatcve3ubuntucve4ibm1fedora2freebsd1nessus3openvas3debian1