Lucene search
+L

59 matches found

veracode
veracode
added 2021/08/23 5:23 a.m.6 views

Open Redirection

actionpack is vulnerable to open redirection. A malicious X-Forwarded-Host when used in combination with certain allowed host formats, can cause the Host Authorization middleware to redirect users to a malicious website...

6.1CVSS6.4AI score0.0164EPSS
Exploits0References6Affected Software2
redhatcve
redhatcve
added 2021/08/20 9:28 a.m.25 views

CVE-2021-22942

A flaw was found in rubygem-actionpack. Specially crafted “X-Forwarded-Host” headers, in combination with certain “allowed host” formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to system...

6.1CVSS3.8AI score0.0164EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/08/20 12:0 a.m.4 views

Ruby on Rails 输入验证错误漏洞

Ruby on Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. Ruby on Rails suffers from an Input Validation Error vulnerability that stems from a flaw found in rubygem-actionpack, which, via a specially crafted X-Forwarded-Host header, in...

6.1CVSS6.3AI score0.0164EPSS
Exploits0References7
snyk
snyk
added 2021/08/20 12:0 a.m.2 views

Open Redirect

Overview rails is an opensource MVC web framework. Affected versions of this package are vulnerable to Open Redirect. Specially crafted “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a...

7.6CVSS6.7AI score0.87301EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2021/06/11 4:15 p.m.28 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1CVSS6.4AI score0.01224EPSS
Exploits0References1
debiancve
debiancve
added 2021/06/11 3:49 p.m.28 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1CVSS6.1AI score0.01224EPSS
Exploits0
github
github
added 2021/05/05 7:48 p.m.79 views

Possible Open Redirect Vulnerability in Action Pack

There is a possible Open Redirect Vulnerability in Action Pack. Versions Affected: = v6.1.0.rc2 Not affected: v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host...

6.1CVSS6.1AI score0.01224EPSS
Exploits0References7Affected Software1
osv
osv
added 2021/03/02 3:44 a.m.21 views

GHSA-8877-PRQ4-9XFW Actionpack Open Redirect Vulnerability

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious websi...

6.1CVSS6AI score0.87301EPSS
Exploits1References14
github
github
added 2021/03/02 3:44 a.m.66 views

Actionpack Open Redirect Vulnerability

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious websi...

6.1CVSS6.1AI score0.87301EPSS
Exploits1References14Affected Software1
redhatcve
redhatcve
added 2021/02/18 3:38 p.m.40 views

CVE-2021-22881

The Host Authorization middleware in Action Pack suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted application...

6.1CVSS4.3AI score0.87301EPSS
Exploits1References4
veracode
veracode
added 2021/02/15 1:22 a.m.24 views

Open Redirect

rails:sid is vulnerable to open redirect. The Host Authorization middleware is vulnerable because it allows specially crafted Host headers in combination with certain "allowed host" formats to cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacte...

6.1CVSS3.7AI score0.87301EPSS
Exploits1References9Affected Software1
nvd
nvd
added 2021/02/11 6:15 p.m.23 views

CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

6.1CVSS0.87301EPSS
Exploits1References7
osv
osv
added 2021/02/11 6:15 p.m.24 views

CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

6.1CVSS6.4AI score0.87301EPSS
Exploits1References7
ubuntucve
ubuntucve
added 2021/02/11 6:15 p.m.24 views

CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

6.1CVSS6.6AI score0.87301EPSS
Exploits1References3
prion
prion
added 2021/02/11 6:15 p.m.25 views

Open redirect

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

5.8CVSS6AI score0.87301EPSS
Exploits1References7Affected Software2
cvelist
cvelist
added 2021/02/11 4:12 p.m.46 views

CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

6.3AI score0.87301EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2021/02/11 12:0 a.m.6 views

PT-2021-15252

Name of the Vulnerable Software and Affected Versions Action Pack versions prior to 6.1.2.1 Action Pack versions prior to 6.0.3.5 Description The Host Authorization middleware in Action Pack suffers from an open redirect issue. Specially crafted Host headers, in combination with certain "allowed...

7.5CVSS5.4AI score0.98507EPSS
Exploits25References40
rubygems
rubygems
added 2021/02/10 12:0 a.m.33 views

Possible Open Redirect in Host Authorization Middleware

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22881. Versions Affected: = 6.0.0 Not affected: a-z0-9.-+|\a-f0-9:a-f0-9.:+\ :\d+? \z /x originhost = validhost.match...

6.1CVSS3.6AI score0.87301EPSS
Exploits1References1Affected Software1
freebsd
freebsd
added 2021/02/10 12:0 a.m.27 views

Rails -- multiple vulnerabilities

Ruby on Rails blog: Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues: CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter. CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware...

7.5CVSS1.9AI score0.87301EPSS
Exploits2References3
Rows per page
Query Builder