CVE-2024-21510
Description
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.248
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2024-21510 are fixed in Ruby-sinatra 4.1.0 | Windows |
| Pcs-snmp update (ELSA-2024-10987) pcs-snmp-0.10.18-2.0.1.el8_10.3.x86_64.rpm | Linux |
| Pcs update (ELSA-2024-10987) pcs-0.10.18-2.0.1.el8_10.3.x86_64.rpm | Linux |
| pcs Security Update (ALAS-2025-2853) pcs-snmp-0.9.169-3.amzn2.3.0.5.x86_64.rpm | Linux |
| pcs Security Update (ALAS-2025-2853) pcs-0.9.169-3.amzn2.3.0.5.x86_64.rpm | Linux |
| Vulnerabilities CVE-2024-21510 are fixed in Ruby-sinatra for Linux 4.1.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234