Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2021-44528 - Vulnerability Database

Medium
Reference: CVE-2021-44528
Title: Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

An open redirect vulnerability exists in Action Pack >= 6.0.0: an attacker can craft an "X-Forwarded-Host" header that, in combination with certain "allowed host" formats, causes the Host Authorization middleware in Action Pack to redirect users to a malicious website.