Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Rails Action Pack 输入验证错误漏洞
Vulnerability Description
Rails Action Pack是美国Rails社区的一个web框架。提供了路由机制(将请求URL映射到动作),定义实现动作的控制器以及通过渲染视图(各种格式的模板)生成响应的机制。 Action Pack ruby gem 6.1.3.2 之前的版本存在输入验证错误漏洞。该漏洞可能会导致 Action Pack 中的主机授权中间件将用户重定向到恶意网站。
CVSS Information
N/A
Vulnerability Type
N/A