216.73.217.80

CVE-2024-21510

· Published 01/11/2024 05:15 · Modified 01/11/2024 12:57

Labels: CVE-2024-21510 2024-11-01CVE-2024-21510CWE-807[email protected]

Essential information

Published
01/11/2024 05:15
Modified
01/11/2024 12:57
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS metrics

Description

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References