Oval Definition:oval:org.opensuse.security:def:202122881
Revision Date:2022-06-30Version:1
Title:CVE-2021-22881
Description:

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-22881
SUSE CVE-2021-22881
Platform(s):openSUSE Tumbleweed
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ruby2.1-rubygem-actionpack-4_2 is not affected
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND rubygem-actionpack-4_2 is not affected
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 is installed
  • OR ruby3.0-rubygem-actionpack-6.0-6.0.4-1.2 is installed
  • OR ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND ruby2.1-rubygem-actionpack-4_2 is not affected
    • BACK