CVSS2
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: NONE
  Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS
  Percentile: 61.0%
There is a possible open redirect vulnerability in the Host Authorization
middleware in Action Pack. This vulnerability has been assigned the CVE
identifier CVE-2021-22881.
Versions Affected: >= 6.0.0
Not affected: < 6.0.0
Fixed Versions: 6.1.2.1, 6.0.3.5
Specially crafted “Host” headers in combination with certain “allowed host”
formats can cause the Host Authorization middleware in Action Pack to redirect
users to a malicious website.
Impacted applications will have allowed hosts with a leading dot. For
example, configuration files that look like this:
config.hosts << '.tkte.ch'
When an allowed host contains a leading dot, a specially crafted Host header
can be used to redirect to a malicious website.
If upgrading to a fixed version is not possible, the following monkey patch can be
used in an initializer:
module ActionDispatch
  class HostAuthorization
    private

    # Replacement for the vulnerable authorized? check: the Host header (and the
    # last X-Forwarded-Host entry, if one is present) must first match a strict
    # host syntax before its host part is compared against the allow-list.
    def authorized?(request)
      valid_host = /
        \A
        (?<host>[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9\.:]+\])
        (:\d+)?
        \z
      /x

      origin_host = valid_host.match(
        request.get_header("HTTP_HOST").to_s.downcase)
      forwarded_host = valid_host.match(
        request.x_forwarded_host.to_s.split(/,\s?/).last)

      # Only the captured host (without any port) is checked against the allow-list.
      origin_host && @permissions.allows?(origin_host[:host]) && (
        forwarded_host.nil? || @permissions.allows?(forwarded_host[:host]))
    end
  end
end
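To make the effect of the patch concrete, here is an added, stand-alone model of the patched check; it is example code written for this page, not the Rails code base or the advisory's own patch. It reuses the advisory's host regex, and the AllowedHosts class is a hypothetical stand-in for the middleware's internal @permissions object that implements the leading-dot convention from the config.hosts example above. One deliberate difference from the patch: an X-Forwarded-Host that is present but does not parse as a host is rejected here rather than ignored, which is the stricter choice for a defender.

```ruby
# Added example (not Rails code): model of the patched Host Authorization check.

# Host syntax from the advisory's patch: a DNS-style name or a bracketed IPv6
# literal, optionally followed by a port. Anything else (slashes, spaces,
# userinfo, ...) fails to match and is rejected before the allow-list is consulted.
VALID_HOST = /
  \A
  (?<host>[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9\.:]+\])
  (:\d+)?
  \z
/x

# Hypothetical stand-in for the middleware's @permissions object.
class AllowedHosts
  def initialize(hosts)
    @hosts = hosts
  end

  # A leading-dot entry such as '.tkte.ch' allows the bare domain and any
  # subdomain; any other entry must match exactly.
  def allows?(host)
    @hosts.any? do |allowed|
      if allowed.start_with?(".")
        host == allowed[1..-1] || host.end_with?(allowed)
      else
        host == allowed
      end
    end
  end
end

# Returns the host part (without port) of a header value, or nil when the
# value is not a syntactically valid host.
def extract_host(header_value)
  m = VALID_HOST.match(header_value.to_s.downcase)
  m && m[:host]
end

# Mirrors the patched authorized?: the Host header must parse and be allowed;
# if X-Forwarded-Host is present, its last entry must parse and be allowed too.
def authorized?(permissions, host_header, x_forwarded_host = nil)
  origin = extract_host(host_header)
  return false unless origin && permissions.allows?(origin)
  return true if x_forwarded_host.nil?

  forwarded = extract_host(x_forwarded_host.to_s.split(/,\s?/).last)
  !forwarded.nil? && permissions.allows?(forwarded)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample allow-list and header values.
  perms = AllowedHosts.new([".tkte.ch", "localhost"])
  ["www.tkte.ch", "WWW.TKTE.CH:3000", "tkte.ch", "evil.example", "www.tkte.ch/x"].each do |h|
    puts "#{h.ljust(20)} -> #{authorized?(perms, h)}"
  end
end
```

The check is deliberately two-stage: the regex decides whether the header is a host at all, and only a value that survives that stage reaches the allow-list. That is what closes the gap behind CVE-2021-22881, where a leading-dot allow-list entry was matched against header values that were never validated as plain hostnames.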