The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, config.hosts << "sub.example.com" to permit a request with a Host header value of sub-example.com.
{
"cpe": [
"cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
"cpe:2.3:a:rubyonrails:rails:6.1.0:rc2:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "6.1.1"
},
{
"fixed": "6.1.3.2"
},
{
"introduced": "6.1.0-rc2"
},
{
"last_affected": "6.1.0-rc2"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}