CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
61.1%
There is a possible open redirect vulnerability in the Host Authorization
middleware in Action Pack. This vulnerability has been assigned the CVE
identifier CVE-2021-22942.
Versions Affected: >= 6.0.0.
Not affected: < 6.0.0
Fixed Versions: 6.1.4.1, 6.0.4.1
Specially crafted βX-Forwarded-Hostβ headers in combination with certain
βallowed hostβ formats can cause the Host Authorization middleware in
Action Pack to redirect users to a malicious website.
Impacted applications will have allowed hosts with a leading dot.
For example, configuration files that look like this:
config.hosts << '.EXAMPLE.com'
When an allowed host contains a leading dot, a specially crafted
Host header can be used to redirect to a malicious website.
This vulnerability is similar to CVE-2021-22881, but CVE-2021-22881 did not
take in to account domain name case sensitivity.
The fixed releases are available at the normal locations.
In the case a patch canβt be applied, the following monkey patch can be
used in an initializer:
module ActionDispatch
class HostAuthorization
HOSTNAME = /[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\]/i
VALID_ORIGIN_HOST = /\A(#{HOSTNAME})(?::\d+)?\z/
VALID_FORWARDED_HOST = /(?:\A|,[ ]?)(#{HOSTNAME})(?::\d+)?\z/
private
def authorized?(request)
origin_host =
request.get_header("HTTP_HOST")&.slice(VALID_ORIGIN_HOST, 1) || ""
forwarded_host =
request.x_forwarded_host&.slice(VALID_FORWARDED_HOST, 1) || ""
@permissions.allows?(origin_host) &&
(forwarded_host.blank? || @permissions.allows?(forwarded_host))
end
end
end
Vendor | Product | Version | CPE |
---|---|---|---|
ruby | actionpack | * | cpe:2.3:a:ruby:actionpack:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
61.1%