Affected versions of this package are vulnerable to Open Redirect. Specially crafted
Host headers in combination with certain
allowed host formats can cause the Host Authorization middleware in
ActionPack to redirect users to a malicious website. When an allowed host contains a leading dot, a specially crafted
Host header can be used to redirect to a malicious website.
actionpack to version 18.104.22.168, 22.214.171.124 or higher.