Description
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
Remediation
References
Related Vulnerabilities
WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (8.1)
WordPress Plugin Pixabay Images Multiple Vulnerabilities (2.3)
WordPress Plugin wpcu3er 'ajaxReq.php' Arbitrary File Upload (0.55)
WordPress Plugin WP Post Popup Directory Traversal (2.1.1)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.17.29)