59 matches found
Open Redirection
actionpack is vulnerable to open redirection. A malicious X-Forwarded-Host when used in combination with certain allowed host formats, can cause the Host Authorization middleware to redirect users to a malicious website...
CVE-2021-22942
A flaw was found in rubygem-actionpack. Specially crafted “X-Forwarded-Host” headers, in combination with certain “allowed host” formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to system...
Ruby on Rails 输入验证错误漏洞
Ruby on Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. Ruby on Rails suffers from an Input Validation Error vulnerability that stems from a flaw found in rubygem-actionpack, which, via a specially crafted X-Forwarded-Host header, in...
Open Redirect
Overview rails is an opensource MVC web framework. Affected versions of this package are vulnerable to Open Redirect. Specially crafted “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a...
CVE-2021-22903
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...
CVE-2021-22903
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...
Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack. Versions Affected: = v6.1.0.rc2 Not affected: v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host...
GHSA-8877-PRQ4-9XFW Actionpack Open Redirect Vulnerability
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious websi...
Actionpack Open Redirect Vulnerability
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious websi...
CVE-2021-22881
The Host Authorization middleware in Action Pack suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted application...
Open Redirect
rails:sid is vulnerable to open redirect. The Host Authorization middleware is vulnerable because it allows specially crafted Host headers in combination with certain "allowed host" formats to cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacte...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
Open redirect
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
PT-2021-15252
Name of the Vulnerable Software and Affected Versions Action Pack versions prior to 6.1.2.1 Action Pack versions prior to 6.0.3.5 Description The Host Authorization middleware in Action Pack suffers from an open redirect issue. Specially crafted Host headers, in combination with certain "allowed...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22881. Versions Affected: = 6.0.0 Not affected: a-z0-9.-+|\a-f0-9:a-f0-9.:+\ :\d+? \z /x originhost = validhost.match...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues: CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter. CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware...