Lucene search
+L

7 matches found

NVD
NVD
added 2021/06/11 4:15 p.m.24 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1CVSS0.01224EPSS
Exploits0References2
CVE
CVE
added 2021/06/11 3:49 p.m.100 views

CVE-2021-22903

The CVE-2021-22903 issue affects the Ruby on Rails Action Pack/Host Authorization logic (Rails 6.x prior to 6.1.3.2). It stems from how Host headers and certain allowed-host formats interact with config.hosts, allowing an open redirect to a malicious site when a leading dot is used in allowed-hos...

6.1CVSS6AI score0.01224EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.47 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1CVSS6.1AI score0.01224EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/05/20 12:0 a.m.30 views

Discourse 2.7.0.beta9 Security Update

A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.5CVSS7.1AI score0.04808EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2021/05/10 12:0 a.m.53 views

FreeBSD : Rails -- multiple vulnerabilities (f7a00ad7-ae75-11eb-8113-08002728f74c)

Ruby on Rails blog : Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed : CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...

7.5CVSS7.3AI score0.04808EPSS
Exploits3References10
RubySec
RubySec
added 2021/05/05 12:0 a.m.30 views

Possible Open Redirect Vulnerability in Action Pack

There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22903. Versions Affected: = v6.1.0.rc2 Not affected: v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881: Specially crafted Host headers ...

6.1CVSS2.8AI score0.01224EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2021/05/05 12:0 a.m.39 views

Rails -- multiple vulnerabilities

Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...

7.5CVSS2.3AI score0.04808EPSS
Exploits3References5
Rows per page
Query Builder