Host Header Attack
Medium
Vulnerability Details
The application is vulnerable to Host Header Injection. An attacker can manipulate the Host header to redirect users to arbitrary domains or potentially poison web caches.
Steps to reproduce:
-------------------
1. Navigate to https://rubygems.org/ and intercept the request.
2. Add the header `Forwarded: host=evil.com` and forward the request.
3. Notice that you are redirected to the attacker's website.
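The reproduction above shows the server building a redirect from a client-supplied `Forwarded: host=...` value. The following is an added example, not code from the report or from rubygems.org, of how an application can parse that header and still refuse to redirect to a host outside an allowlist; the allowlist, canonical host and sample request are constructed for illustration.

```ruby
require "uri"

ALLOWED_HOSTS = %w[rubygems.org www.rubygems.org].freeze  # assumed allowlist
CANONICAL_HOST = "rubygems.org"                            # assumed canonical host

# Extract the host= parameter from the first element of an RFC 7239 Forwarded header.
def forwarded_host(value)
  return nil if value.nil?
  value.split(",").first.split(";").each do |pair|
    k, v = pair.strip.split("=", 2)
    return v.delete('"') if k&.casecmp?("host") && v
  end
  nil
end

# Choose the host a redirect may be built from. Client-supplied values
# (Forwarded, X-Forwarded-Host, Host) are honoured only when they are on the
# allowlist; otherwise the canonical host is used, so Forwarded: host=evil.com
# cannot steer the Location header.
def trusted_host(env, allowed = ALLOWED_HOSTS)
  candidates = [
    forwarded_host(env["HTTP_FORWARDED"]),
    env["HTTP_X_FORWARDED_HOST"]&.split(",")&.first&.strip,
    env["HTTP_HOST"],
  ].compact
  candidates.each do |h|
    name = h.downcase.sub(/:\d+\z/, "")  # strip an explicit port before matching
    return name if allowed.include?(name)
  end
  CANONICAL_HOST
end

# Build an absolute Location value from the trusted host, never from raw headers.
def safe_redirect(env, path)
  URI::HTTPS.build(host: trusted_host(env), path: path).to_s
end

# Constructed sample request mirroring step 2 of the reproduction.
SAMPLE_ENV = {
  "HTTP_HOST" => "rubygems.org",
  "HTTP_FORWARDED" => "host=evil.com;proto=https",
}.freeze

puts safe_redirect(SAMPLE_ENV, "/gems")  # https://rubygems.org/gems
```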
## Impact
Successful exploitation can lead to user redirection to malicious sites, phishing attacks, and potential data loss. The overall impact of a Host Header attack can be significant, leading to financial loss, reputational damage, and legal consequences. It's crucial to address this vulnerability promptly to protect users and systems.
Report Stats
- Report ID: 2627221
- State: Closed
- Substate: resolved