CVE-2024-21510

MEDIUM

Rubygems Sinatra < 4.1.0 - SSRF

Title source: rule

Description

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

References (4)

[Various Sources] https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319

[Various Sources] https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17

[Third Party Advisory] https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832

[Issue Tracking] https://github.com/sinatra/sinatra/pull/2010

Scores

CVSS v3 5.4

EPSS 0.0022

EPSS Percentile 43.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-807

Status published

Products (2)

n/a/sinatra 0.0.0

rubygems/sinatra 0 - 4.1.0RubyGems

Published Nov 01, 2024

Tracked Since Feb 18, 2026