A open redirect vulnerability exists in Action Pack > 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Publication date: Mon, 10 Jan 2022 20:10:00 +0000