The Host Authorization middleware in Action Pack before 220.127.116.11, 18.104.22.168 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
CVSS 2: MEDIUM – 5.8 (Version: 2.0)
CVSS 3: MEDIUM – 6.1 (Version: 3.1)
Source: NVD – CVE-2021-22881
Publication date: 2021-02-11T18:15Z, last modified: 2021-05-06T14:15Z
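
To check whether an application meets the leading-dot condition described above, the following added example (not code from NVD or from the Rails project) scans Rails configuration source for allowed-host string entries that begin with a dot. It assumes allowed hosts are set through `config.hosts` with each statement on one line; the function name and the sample configuration are constructed for illustration.

```ruby
# Added example: flag allowed-host entries with a leading dot in Rails config source.
# Heuristic, line-based scan: assumes each config.hosts statement sits on one line
# and may over-report if a trailing comment on that line contains a quoted string.
HOSTS_STATEMENT = /\bconfig\.hosts\b\s*(?:<<|\+?=|\.(?:push|concat|append)\b)/
STRING_LITERAL  = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/

# Returns an array of { line:, host: } hashes, one per leading-dot string entry.
def leading_dot_hosts(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next if line.lstrip.start_with?("#") # skip whole-line comments
    match = HOSTS_STATEMENT.match(line)
    next unless match
    # Only look at string literals to the right of the config.hosts operator;
    # Regexp entries are not string literals and are therefore not reported.
    match.post_match.scan(STRING_LITERAL) do |double_quoted, single_quoted|
      host = double_quoted || single_quoted
      findings << { line: lineno, host: host } if host.start_with?(".")
    end
  end
  findings
end

# Constructed sample configuration (not taken from any real application).
SAMPLE_CONFIG = <<~'RUBY'
  Rails.application.configure do
    config.hosts << ".example.com"
    config.hosts << "app.example.org"
    # config.hosts << ".disabled.example"
    config.hosts.concat(['.internal.example', "api.internal.example"])
    config.hosts = [/\Aadmin\.example\.net\z/, ".legacy.example"]
  end
RUBY

leading_dot_hosts(SAMPLE_CONFIG).each do |finding|
  puts "line #{finding[:line]}: allowed host #{finding[:host].inspect} has a leading dot"
end
```

An application with any reported entry matches the impacted configuration and should be running a fixed Action Pack release.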