CVE-2021-44528
Debian Security Advisory 5372-1
Severity Score
Exploit Likelihood
Affected Versions
3Public Exploits
0Exploited in Wild
-Decision
Descriptions
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Se presenta una vulnerabilidad de redirección abierta en Action Pack versiones posteriores a 6.0.0 incluyéndola, que podría permitir a un atacante diseñar un encabezado "X-Forwarded-Host" en combinación con determinados formatos de "allowed host" puede causar que el middleware Host Authorization en Action Pack redirija a usuarios a un sitio web malicioso
Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-02 CVE Reserved
- 2022-01-07 CVE Published
- 2024-08-04 CVE Updated
- 2025-04-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-... |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2023/dsa-5372 | 2024-02-08 |