CVE-2021-22903

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-22903

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22903.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22903

Aliases

GHSA-5hq2-xf89-9jxq

Downstream

UBUNTU-CVE-2021-22903

Published

2021-06-11T16:15:11.437Z

Modified

2026-04-10T04:30:15.410907Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, config.hosts << "sub.example.com" to permit a request with a Host header value of sub-example.com.

References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type

GIT

Repo

https://github.com/rails/rails

Events

Introduced

5f3ff60084ab5d5921ca3499814e4697f8350ee7

Fixed

75ac626c4e21129d8296d4206a1960563cc3d4aa

Introduced

Last affected

b38eb45ad9cb2041b30ac5d4d7b5b6e7b911ff2e

Database specific

{
    "versions": [
        {
            "introduced": "6.1.1"
        },
        {
            "fixed": "6.1.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0-rc2"
        }
    ]
}

Affected versions

v0.*

v0.10.0

v0.10.1

v0.11.0

v0.11.1

v0.12.0

v0.13.0

v0.13.1

v0.14.1

v0.14.3

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.4.1

v0.9.5

v1.*

v1.1.0

v1.1.0_RC1

v1.1.1

v2.*

v2.0.0

v2.0.0_PR

v2.0.0_RC1

v2.0.0_RC2

v2.0.1

v3.*

v3.0.0.beta.3

v3.0.0.beta3

v3.1.0.beta1

v3.1.0.rc1

v3.2.0.rc1

v4.*

v4.0.0.beta1

v4.0.0.rc1

v4.2.0.beta1

v5.*

v5.0.0.beta1

v5.0.0.beta2

v5.0.0.beta4

v5.1.0.beta1

v6.*

v6.0.0.beta1

v6.0.0.beta2

v6.1.0.rc1

v6.1.0.rc2

v6.1.1

v6.1.2

v6.1.3

v6.1.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22903.json"