Lucene search
+L

11 matches found

Debian
Debian
added 2023/03/13 3:6 a.m.195 views

[SECURITY] [DSA 5372-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5372-1 [email protected] https://www.debian.org/security/ Aron Xu March 13, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

9.8CVSS7.8AI score0.04182EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2021/12/14 9:19 p.m.50 views

actionpack Open Redirect in Host Authorization Middleware

Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files...

6.1CVSS6.4AI score0.04182EPSS
Exploits0References10Affected Software1
RubySec
RubySec
added 2021/12/14 12:0 a.m.36 views

Possible Open Redirect in Host Authorization Middleware

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...

6.1CVSS6.4AI score0.04182EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/09 6:17 p.m.31 views

Security Bulletin: A security vulnerability in Ruby on Rails Action Pack affects IBM Cloud Pak for Multicloud Management Infrastructure Management

Summary A security vulnerability in Ruby on Rails Action Pack affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details CVEID: CVE-2021-22942 DESCRIPTION: Ruby on Rails Action Pack could allow a remote attacker to conduct phishing attacks, caused by an open...

6.1CVSS1.2AI score0.0164EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2021/10/19 6:33 p.m.104 views

Internet Bug Bounty: The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values

Title: The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values Scope: https://github.com/rails/rails Weakness: Open Redirect Severity: Medium Link: https://hackerone.com/reports/1189310 Date: 2021-05-09 06:29:19 +0000 By: @mshtawy CVE IDs: CVE-2021-22942,...

5.8CVSS6.6AI score0.87301EPSS
Exploits1
Circl
Circl
added 2021/10/18 4:32 p.m.9 views

CVE-2021-22942

creationtimestamp| type| source ---|---|--- 2021-10-18 16:32:09+00:00| seen| https://t.me/cibsecurity/30689 2024-02-02 15:27:17+00:00| seen| https://t.me/ctinow/178113...

6.1CVSS5.9AI score0.0164EPSS
Exploits0References2
OSV
OSV
added 2021/10/18 1:15 p.m.2 views

UBUNTU-CVE-2021-22942

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack = 6.0.0 that could allow attackers to redirect users to a malicious website...

6.1CVSS6.6AI score0.0164EPSS
Exploits0References3
CVE
CVE
added 2021/10/18 12:0 a.m.125 views

CVE-2021-22942

CVE-2021-22942 describes an open redirect in Ruby on Rails Action Pack’s Host Authorization middleware (versions ≥ 6.0.0). Affected: Rails Action Pack/OpenRedirect via Host Authorization where specially crafted X-Forwarded-Host headers with certain allowed-host formats (e.g., leading dot in confi...

6.1CVSS6AI score0.0164EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/08/26 8:36 p.m.30 views

GHSA-2RQW-V265-JF8C Open Redirect in ActionPack

Overview There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: = 6.0.0. Not affected: 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact Specially crafted...

6.1CVSS6.1AI score0.0164EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2021/08/26 8:36 p.m.40 views

Open Redirect in ActionPack

Overview There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: = 6.0.0. Not affected: 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact Specially crafted...

6.1CVSS6.1AI score0.0164EPSS
Exploits0References10Affected Software1
RubySec
RubySec
added 2021/08/19 12:0 a.m.35 views

Possible Open Redirect in Host Authorization Middleware

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: = 6.0.0. Not affected: 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact ------ Specially crafted...

6.1CVSS3.5AI score0.0164EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder