2 matches found
CVE-2026-54588
Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTP_HOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...
Ruby on Rails: HTTP Host injection in redirect_to function
Hi team, Here is the sample vulnerable code ruby class TesttestController You are being redirected." end Then it will check if the options, because the input is String, so it will be the concatenation of request.protocol + request.host_with_port + options File actioncontroller\metal\redirecting.rb li...