Ruby On Rails · Action Pack · CVE-2021-22881
**Name of the Vulnerable Software and Affected Versions**
Ruby on Rails versions prior to 6.1.2.1
Ruby on Rails versions prior to 6.0.3.5
**Description**
The Host Authorization middleware in Action Pack is susceptible to an open redirect. Specially crafted `Host` headers, combined with certain "allowed host" formats, can cause the middleware to redirect users to a malicious website. Impacted applications are those whose allowed hosts include an entry with a leading dot: for such entries, a specially crafted `Host` header can trigger a redirect to a malicious website. The vulnerability resides in the handling of the `Host` header and the allowed-host configuration.
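As an added illustration (example code written for this page, not code from the advisory or from the Rails project), the snippet below audits an allowed-hosts list for the leading-dot entries the advisory describes as impacted, and shows a strict `Host` header check that only returns true or false, so the caller can answer 403 rather than redirect. The host list and header values are constructed; IPv6 literals are out of scope here.

```ruby
# Example code, not from Rails: audit allowed hosts and check a Host header.

# Entries beginning with a dot match a domain and all of its subdomains.
# On unpatched Rails these are the entries CVE-2021-22881 affects, so a
# config review should list them and confirm the fixed version is in use.
def leading_dot_hosts(allowed_hosts)
  allowed_hosts.select { |h| h.is_a?(String) && h.start_with?(".") }
end

# Strict matcher: lower-case the header, strip a port, then require either
# an exact match or a dotted-suffix match against the allow list.
# Anything that is not a plain hostname is rejected outright; the header
# value is never used to build a redirect target.
def host_allowed?(host_header, allowed_hosts)
  return false if host_header.nil? || host_header.empty?
  host = host_header.split(":", 2).first.downcase
  return false unless host.match?(/\A[a-z0-9.-]+\z/)
  allowed_hosts.any? do |entry|
    entry = entry.downcase
    if entry.start_with?(".")
      # ".example.com" permits example.com itself and any subdomain of it
      host == entry[1..] || host.end_with?(entry)
    else
      host == entry
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample configuration for demonstration only
  allowed = [".example.com", "api.internal"]
  puts "leading-dot entries: #{leading_dot_hosts(allowed).inspect}"
  %w[www.example.com:443 example.com API.internal notexample.com].each do |h|
    puts "#{h} -> #{host_allowed?(h, allowed)}"
  end
end
```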
**Recommendations**
Update to Ruby on Rails version 6.1.2.1 or later.
Update to Ruby on Rails version 6.0.3.5 or later.