Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
CVSS Information
N/A
Vulnerability Type
URL Redirection to Untrusted Site (Open Redirect)
Vulnerability Title
Rails Action Pack Input Validation Error Vulnerability
Vulnerability Description
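Rails Action Pack is a web framework from the Rails community in the United States. It provides a routing mechanism (mapping request URLs to actions), defines the controllers that implement actions, and provides a mechanism for generating responses by rendering views (templates in various formats). Versions of the Action Pack ruby gem before 6.1.3.2 contain an input validation error vulnerability. The vulnerability may cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.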
CVSS Information
N/A
Vulnerability Type
N/A
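
The unescaped-regex behaviour in the description above, as an added example (a simplified model, not Rails' or this page's own code). The helper names `unescaped_matcher`, `escaped_matcher` and `audit_hosts` and the sample host values are assumptions constructed for illustration; the audit lists which Host values an allow-list entry admits only because its dots act as regex wildcards.

```ruby
# Simplified model of turning an allowed-host string into a regex.
# This is NOT the Action Pack source; it only reproduces the flaw class
# the description names: a string used as a regex without escaping.

# Behaviour described for affected versions: the entry is interpolated raw,
# so "." is a regex wildcard that matches any single character.
def unescaped_matcher(entry)
  /\A#{entry}\z/i
end

# Hardened form: Regexp.escape makes "." match only a literal dot.
def escaped_matcher(entry)
  /\A#{Regexp.escape(entry)}\z/i
end

# For each allow-list entry without a leading dot (the case the description
# covers), list the probe Host values that the raw pattern accepts but the
# escaped pattern rejects. An empty report means no entry is over-permissive
# for the given probes.
def audit_hosts(entries, probes)
  entries.each_with_object({}) do |entry, report|
    next if entry.start_with?(".")
    loose  = unescaped_matcher(entry)
    strict = escaped_matcher(entry)
    extra  = probes.select { |host| loose.match?(host) && !strict.match?(host) }
    report[entry] = extra unless extra.empty?
  end
end

# Constructed sample data (not taken from any real configuration).
ENTRIES = ["sub.example.com", "localhost"].freeze
PROBES  = ["sub.example.com", "sub-example.com", "subXexample.com",
           "localhost", "example.org"].freeze

audit_hosts(ENTRIES, PROBES).each do |entry, hosts|
  puts "#{entry.inspect} would also admit: #{hosts.join(', ')}"
end
```

Entries containing no regex metacharacters, such as `localhost`, produce no finding because the raw and escaped patterns are identical.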