N/A

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

N/A

指向未可信站点的URL重定向(开放重定向)

Rails Action Pack 输入验证错误漏洞

Rails Action Pack是美国Rails社区的一个web框架。提供了路由机制（将请求URL映射到动作），定义实现动作的控制器以及通过渲染视图（各种格式的模板）生成响应的机制。 Action Pack中存在输入验证错误漏洞，该漏洞源于网络系统或产品未对输入的数据进行正确的验证。

N/A

N/A