rails is vulnerable to open redirection. Inadequate validation and regex matching of URLs allows an attacker to bypass validation checks using a malicious Host
header and redirect users to a malicious website.
www.openwall.com/lists/oss-security/2021/05/05/2
www.openwall.com/lists/oss-security/2021/08/20/1
www.openwall.com/lists/oss-security/2021/12/14/5
benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/
discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
github.com/rails/rails/pull/41435
hackerone.com/reports/1047447
lists.fedoraproject.org/archives/list/[email protected]/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/