Reliance on Untrusted Inputs in a Security Decision
CVE-2024-21510
Summary
All versions of the package sinatra are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the "X-Forwarded-Host" (XFH) header. When a request is made to a method that applies a redirect, an Open Redirect attack can be triggered by inserting an arbitrary address into this header. If sinatra is used for caching purposes, such as with servers like Nginx, or behind a reverse proxy, and the "X-Forwarded-Host" header is not handled, attackers can potentially exploit Cache Poisoning or Routing-based SSRF. This issue affects sinatra versions 1.2.0.c through 4.0.0.
- LOW
- NETWORK
- LOW
- UNCHANGED
- REQUIRED
- NONE
- LOW
- NONE
CWE-807 - Reliance on Untrusted Inputs in a Security Decision
The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
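One way to stop an untrusted "X-Forwarded-Host" value from reaching a redirecting route, as an added example that is not part of the advisory or of sinatra's code: a Rack-style middleware in plain Ruby. The class name, the helper `probe`, the host name and the proxy address are assumptions constructed for illustration, and the small redirect app is a simplified stand-in for the behaviour the summary describes.

```ruby
# Added example: Rack-style middleware (plain Ruby, no gems) that keeps an
# untrusted X-Forwarded-Host from reaching the application.
class ForwardedHostGuard
  HEADER = "HTTP_X_FORWARDED_HOST"

  # allowed_hosts / trusted_proxies are deployment-specific assumptions.
  def initialize(app, allowed_hosts:, trusted_proxies:)
    @app = app
    @allowed = allowed_hosts.map(&:downcase)
    @trusted = trusted_proxies
  end

  def call(env)
    raw = env[HEADER]
    return @app.call(env) if raw.nil?

    # A peer that is not one of our proxies has no reason to set the header:
    # drop it so the app falls back to the Host it was actually reached on.
    unless @trusted.include?(env["REMOTE_ADDR"])
      return @app.call(env.reject { |key, _| key == HEADER })
    end

    # The header may carry a comma-separated list; every entry must be known.
    hosts = raw.split(",").map { |h| h.strip.downcase.sub(/:\d+\z/, "") }
    return @app.call(env) if !hosts.empty? && hosts.all? { |h| @allowed.include?(h) }

    [400, { "content-type" => "text/plain" }, ["Bad Request\n"]]
  end
end

# Constructed stand-in for a redirecting route: it builds an absolute
# Location from the forwarded host, the behaviour the advisory describes.
REDIRECT_APP = lambda do |env|
  host = env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"]
  [302, { "location" => "http://#{host}/login" }, []]
end

GUARDED_APP = ForwardedHostGuard.new(
  REDIRECT_APP,
  allowed_hosts: ["app.example.test"], # constructed value
  trusted_proxies: ["10.0.0.5"]        # constructed value
)

# Builds a constructed request env and returns [status, Location header].
def probe(app, remote_addr, forwarded_host)
  env = { "REMOTE_ADDR" => remote_addr, "HTTP_HOST" => "app.example.test" }
  env["HTTP_X_FORWARDED_HOST"] = forwarded_host if forwarded_host
  status, headers, = app.call(env)
  [status, headers["location"]]
end
```

The guard is only as reliable as `REMOTE_ADDR`: it must be the address of the directly connected peer, and the reverse proxy in front should overwrite the header rather than pass through what the client sent.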