Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-22881

Опубликовано: 11 фев. 2021
Источник: redhat
CVSS3: 6.1
EPSS Средний

Описание

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

The Host Authorization middleware in Action Pack suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

Отчет

Red Hat Satellite does not make use of the config.hosts setting and is not affected by this CVE.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5cfme-gemsetWill not fix
Red Hat Satellite 6tfm-ror52-rubygem-actionpackNot affected
Red Hat Satellite 6tfm-rubygem-actionpackNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=1930211rubygem-actionpack: open redirect vulnerability may lead to confidentiality and integrity compromise

EPSS

Процентиль: 93%
0.11507
Средний

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-22881

CVSS3: 6.1
ubuntu
почти 5 лет назад

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

nvd логотип

CVE-2021-22881

CVSS3: 6.1
nvd
почти 5 лет назад

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

debian логотип

CVE-2021-22881

CVSS3: 6.1
debian
почти 5 лет назад

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...

github логотип

GHSA-8877-prq4-9xfw

CVSS3: 6.1
github
почти 5 лет назад

Actionpack Open Redirect Vulnerability

EPSS

Процентиль: 93%
0.11507
Средний

6.1 Medium

CVSS3