CVE-2021-22942
Summary
| CVE | CVE-2021-22942 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-10-18 13:15:00 UTC |
|---|
| Updated | 2024-02-02 14:15:00 UTC |
|---|
| Description | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
Rubyonrails |
Rails |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| CVE-2021-22942 Ruby on Rails Vulnerability in NetApp Products | NetApp Product Security |
|
security.netapp.com |
|
| Debian -- Security Information -- DSA-5372-1 rails |
DEBIAN |
www.debian.org |
|
| oss-security - [CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware |
MLIST |
www.openwall.com |
|
| Rails 6.0.4.1 and 6.1.4.1 have been released | Riding Rails |
MISC |
weblog.rubyonrails.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181676 Debian Security Update for rails (DSA 5372-1)
- 183947 Debian Security Update for rails (CVE-2021-22942)
