UBUNTU-CVE-2021-44528
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 10 Jan 2022, 14:10
Last modified:20 May 2026, 16:05
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
6.1 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
10 Jan 2022, 14:10
Published
Vulnerability first disclosed
20 May 2026, 16:05
Last Modified
Vulnerability information updated
Description
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Systems
- ubuntu•rails
all | all | all | all
References (6)
- https://ubuntu.com/security/CVE-2021-44528
- https://www.openwall.com/lists/oss-security/2021/12/14/5
- https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815
- https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107
- https://github.com/rails/rails/commit/fd6a64fef1d0f7f40a8d4b046da882e83163299c
- https://www.cve.org/CVERecord?id=CVE-2021-44528