Summary:
CVE-2021-44528 rubygem-actionpack: specially crafted "X-Forwarded-Host" headers may lead to open redirect
Product:
[Other] Security Response
Reporter:
Marian Rehak <mrehak>
Component:
vulnerability
Assignee:
Red Hat Product Security <security-response-team>
Status:
CLOSED
NOTABUG
QA Contact:
Severity:
medium
Docs Contact:
Priority:
medium
Version:
unspecified
CC:
bbuckingham, bcourt, btotty, ehelms, jaruga, jsherril, lzap, mhulan, mmccune, mo, myarboro, nmoumoul, orabin, pcreech, pvalena, rchan, ruby-packagers-sig, sseago, strzibny, vondruch
Target Milestone:
---
Keywords:
Security
Target Release:
---
Hardware:
All
OS:
Linux
Whiteboard:
Fixed In Version:
rubygem-actionpack 6.1.4.2, rubygem-actionpack 6.0.4.2, rubygem-actionpack 7.0.0.rc2
Doc Type:
No Doc Update
Doc Text:
Story Points:
---
Clone Of:
Environment:
Last Closed:
2021-12-20 15:49:52 UTC
Type:
---
Regression:
---
Mount Type:
---
Documentation:
---
CRM:
Verified Versions:
Category:
---
oVirt Team:
---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:
---
Target Upstream Version:
Embargoed:
Bug Depends On:
2034268
Bug Blocks:
2034269