VYPR
Medium severity5.4GHSA Advisory· Published Nov 1, 2024· Updated Apr 15, 2026

CVE-2024-21510

CVE-2024-21510

Description

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sinatraRubyGems
< 4.1.04.1.0

Affected products

88

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.