Vulnerability Description
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rubyonrails | Rails | >= 6.1.1, < 6.1.3.2 |
Related Weaknesses (CWE)
References
- https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerabMitigationPatchVendor Advisory
- https://hackerone.com/reports/1148025Permissions RequiredThird Party Advisory
- https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerabMitigationPatchVendor Advisory
- https://hackerone.com/reports/1148025Permissions RequiredThird Party Advisory
FAQ
What is CVE-2021-22903?
CVE-2021-22903 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authori...
How severe is CVE-2021-22903?
CVE-2021-22903 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22903?
Check the references section above for vendor advisories and patch information. Affected products include: Rubyonrails Rails.