Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:8::highavailability | |
Vendors & Products |
Redhat
Redhat enterprise Linux |
Fri, 01 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 01 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header | |
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Fri, 01 Nov 2024 05:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF. | |
Weaknesses | CWE-807 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-11-01T05:00:04.821Z
Updated: 2024-11-18T12:19:21.911Z
Reserved: 2023-12-22T12:33:20.119Z
Link: CVE-2024-21510
Vulnrichment
Updated: 2024-11-01T14:19:43.521Z
NVD
Status : Awaiting Analysis
Published: 2024-11-01T05:15:05.640
Modified: 2024-11-01T12:57:03.417
Link: CVE-2024-21510
Redhat