
exploitDog


GHSA-2rqw-v265-jf8c

Published: 26 Aug 2021
Source: github
GitHub: Reviewed
CVSS3: 6.1

Description

Open Redirect in ActionPack

Overview

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942.

Versions Affected: >= 6.0.0. Not affected: < 6.0.0. Fixed Versions: 6.1.4.1, 6.0.4.1

Impact

Specially crafted “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Impacted applications will have allowed hosts with a leading dot. For example, configuration files that look like this:

config.hosts << '.EXAMPLE.com'

When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

This vulnerability is similar to CVE-2021-22881, but the fix for CVE-2021-22881 did not take into account domain name case sensitivity.

Releases

The fixed releases are available at the normal locations.

Workarounds

In the case a patch can’t be applied, the following monkey patch can be used in an initializer:

  module ActionDispatch
    class HostAuthorization
      # A hostname or a bracketed IPv6 literal; the /i flag makes the match case-insensitive
      HOSTNAME = /[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\]/i
      # Host header: exactly one host, with an optional :port suffix
      VALID_ORIGIN_HOST = /\A(#{HOSTNAME})(?::\d+)?\z/
      # X-Forwarded-Host: the last entry of a comma-separated list, with an optional :port suffix
      VALID_FORWARDED_HOST = /(?:\A|,[ ]?)(#{HOSTNAME})(?::\d+)?\z/

      private
        def authorized?(request)
          origin_host = request.get_header("HTTP_HOST")&.slice(VALID_ORIGIN_HOST, 1) || ""
          forwarded_host = request.x_forwarded_host&.slice(VALID_FORWARDED_HOST, 1) || ""
          @permissions.allows?(origin_host) &&
            (forwarded_host.blank? || @permissions.allows?(forwarded_host))
        end
    end
  end
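As an added example (not code from the advisory or from Rails itself), the patched authorized? check re-implemented stand-alone so that the leading-dot allowed-host format from the Impact section and the case-insensitive host extraction from the workaround can be exercised outside an application. The Permissions class is an assumed, simplified stand-in for ActionDispatch::HostAuthorization::Permissions; the three regexes are copied from the patch.

```ruby
# Added example (not the advisory's code): re-implements the patched
# authorized? check from the workaround so it can be run outside Rails.
# Permissions is a simplified stand-in for
# ActionDispatch::HostAuthorization::Permissions (an assumption);
# the three regexes are copied verbatim from the patch.
HOSTNAME = /[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\]/i
VALID_ORIGIN_HOST = /\A(#{HOSTNAME})(?::\d+)?\z/
VALID_FORWARDED_HOST = /(?:\A|,[ ]?)(#{HOSTNAME})(?::\d+)?\z/

class Permissions
  # Allowed hosts are matched case-insensitively. A leading dot, as in
  # config.hosts << '.EXAMPLE.com', allows the domain and any subdomain.
  def initialize(hosts)
    @hosts = hosts.map do |host|
      if host.start_with?(".")
        /\A(.+\.)?#{Regexp.escape(host[1..])}\z/i
      else
        /\A#{Regexp.escape(host)}\z/i
      end
    end
  end

  def allows?(host)
    @hosts.any? { |allowed| allowed.match?(host) }
  end
end

# Returns true when the Host header and (if present) the last entry of
# X-Forwarded-Host are both allowed. The /i flag on HOSTNAME is what lets a
# mixed-case forwarded host such as "App.Example.COM" be extracted and
# checked rather than slicing to nil and being treated as blank.
def authorized?(permissions, host_header, forwarded_header = nil)
  origin_host = host_header&.slice(VALID_ORIGIN_HOST, 1) || ""
  forwarded_host = forwarded_header&.slice(VALID_FORWARDED_HOST, 1) || ""
  permissions.allows?(origin_host) &&
    (forwarded_host.empty? || permissions.allows?(forwarded_host))
end

if __FILE__ == $PROGRAM_NAME
  perms = Permissions.new([".EXAMPLE.com"])
  p authorized?(perms, "www.example.com:3000")                      # true
  p authorized?(perms, "example.com", "App.Example.COM")            # true
  p authorized?(perms, "example.com", "proxy.test, api.example.com") # true
  p authorized?(perms, "example.com", "not-allowed.test")           # false
end
```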

Packages

Name        Ecosystem   Affected versions     Fixed version
actionpack  rubygems    >= 6.0.0, <= 6.0.4    6.0.4.1
actionpack  rubygems    >= 6.1.0, <= 6.1.4    6.1.4.1

EPSS

Percentile: 69%
0.0061
Low

6.1 Medium

CVSS3

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 4 years ago

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

CVSS3: 5.4
redhat
more than 4 years ago

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

CVSS3: 6.1
nvd
more than 4 years ago

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

CVSS3: 6.1
debian
more than 4 years ago

A possible open redirect vulnerability in the Host Authorization middl ...