exploitDog

bind:CVE-2021-22903

Count: 6

ubuntu

CVE-2021-22903

more than 4 years ago

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.

CVSS3: 6.1
EPSS: Low (0%)

redhat

CVE-2021-22903

almost 5 years ago

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.

CVSS3: 6.5
EPSS: Low (0%)

nvd

CVE-2021-22903

more than 4 years ago

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.

CVSS3: 6.1
EPSS: Low (0%)

debian

CVE-2021-22903

more than 4 years ago

The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...

CVSS3: 6.1
EPSS: Low (0%)

github

GHSA-5hq2-xf89-9jxq

almost 5 years ago

Possible Open Redirect Vulnerability in Action Pack

CVSS3: 6.1
EPSS: Low (0%)

fstec

BDU:2021-04602

almost 5 years ago

A vulnerability in the Host Authorization middleware of the actionpack ruby gem framework of the Ruby on Rails software platform, caused by insufficient input validation, that allows an attacker to gain access to confidential data and compromise its integrity

CVSS3: 6.1
EPSS: Low (0%)
