{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T14:31:44.802","vulnerabilities":[{"cve":{"id":"CVE-2024-21510","sourceIdentifier":"report@snyk.io","published":"2024-11-01T05:15:05.640","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF."},{"lang":"es","value":"Las versiones del paquete sinatra a partir de la versión 0.0.0 son vulnerables a la dependencia de entradas no confiables en una decisión de seguridad a través del encabezado X-Forwarded-Host (XFH). Al realizar una solicitud a un método con redirección aplicada, es posible desencadenar un ataque de redirección abierta insertando una dirección arbitraria en este encabezado. Si se utiliza con fines de almacenamiento en caché, como con servidores como Nginx, o como un proxy inverso, sin manejar el encabezado X-Forwarded-Host, los atacantes pueden explotar potencialmente el envenenamiento de caché o SSRF basada en enrutamiento."}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-807"}]}],"references":[{"url":"https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319","source":"report@snyk.io"},{"url":"https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17","source":"report@snyk.io"},{"url":"https://github.com/sinatra/sinatra/pull/2010","source":"report@snyk.io"},{"url":"https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832","source":"report@snyk.io"}]}}]}