CVE-2021-44528

MEDIUM NUCLEI

Rails < 6.0.4.2 - Open Redirect

Title source: rule

Description

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Nuclei Templates (1)

Open Redirect in Host Authorization Middleware
MEDIUMby geeknik
Shodan: cpe:"cpe:2.3:a:rubyonrails:rails"

References (3)

Scores

CVSS v3 6.1
EPSS 0.4082
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (4)
rubygems/actionpack 6.0.0 - 6.0.4.2RubyGems
rubyonrails/rails 6.0.4.2
rubyonrails/rails 6.1.4.2
rubyonrails/rails 7.0.0 rc2
Published Jan 10, 2022
Tracked Since Feb 18, 2026