How severe is CVE-2024-21510?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-21510?

This is classified as CWE-807, which is a common weakness in software security.

CVE-2024-21510 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

Related Vulnerabilities

CVE-2022-24400

MEDIUM

CVSS:5.9(Medium)

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

CWE-8072022

CVE-2021-29479

MEDIUM

CVSS:6.1(Medium)

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if...

CWE-8072021

CVE-2017-0887

MEDIUM

CVSS:4.3(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary ...

CWE-8072017

CVE-2022-20744

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vul...

CWE-8072022

CVE-2024-45654

MEDIUM

CVSS:4.3(Medium)

IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.

CWE-8072024

CVE-2020-5252

MEDIUM

CVSS:4.1(Medium)

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routi...

CWE-8072020