DEBIAN-CVE-2021-44528

DEBIAN-CVE-2021-44528 PUBLISHED CVSS 6.099999904632568 MEDIUM

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	rails	2:6.0.3.7+dfsg-2, 6.0.3.7+dfsg, 0
Debian:13	rails	0, 0, 0
Debian:14	rails	0, 0, 0
Debian:12	rails	0, 0, 0

Timeline

Jan 10, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-44528 advisory

Open in Interactive Console →