Skip to main content

Reliance on Untrusted Inputs in a Security Decision

CVE-2024-21510

Severity Medium
Score 5.4/10

Summary

All versions of the package sinatra are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the "X-Forwarded-Host" (XFH) header. When making a request for a method with redirects applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the "X-Forwarded-Host" header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF. This issue affects sinatra versions 1.2.0.c through 4.0.0.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • REQUIRED
  • NONE
  • LOW
  • NONE

CWE-807 - Reliance on Untrusted Inputs in a Security Decision

The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Advisory Timeline

  • Published