Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2021-22903 - Vulnerability Database

Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2021-22903

Medium

Reference: CVE-2021-22903

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-22903

Title: Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Overview:

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain quotallowed hostquot formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes for example config.hosts ltlt quotsub.example.comquot to permit a request with a Host header value of sub-example.com.