Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.
Vulnerability Description
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, #, and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be bypassed. This can lead to host header poisoning in applications that use req.host, req.url, or req.base_url for link generation, redirects, or origin validation. This issue has been patched in versions 3.1.21 and 3.2.6.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
CWE-1286
Vulnerability Title
Rack 安全漏洞
Vulnerability Description
Rack是Rack开源的一个模块化的Ruby web服务器界面。 Rack 3.1.21之前版本和3.2.6之前版本存在安全漏洞,该漏洞源于Rack::Request使用AUTHORITY正则表达式解析Host标头时接受非法字符,可能导致主机标头投毒。
CVSS Information
N/A
Vulnerability Type
N/A