Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/sinatra@4.1.0
Typegem
Namespace
Namesinatra
Version4.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.0
Latest_non_vulnerable_version4.2.0
Affected_by_vulnerabilities
0
url VCID-tax5-a72w-mbhy
vulnerability_id VCID-tax5-a72w-mbhy
summary 
Sinatra is vulnerable to ReDoS through ETag header value generation
There is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the response and you are using Ruby < 3.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60523
published_at 2026-04-21T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60534
published_at 2026-04-18T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60526
published_at 2026-04-16T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60484
published_at 2026-04-13T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60505
published_at 2026-04-12T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60518
published_at 2026-04-11T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60497
published_at 2026-04-09T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60481
published_at 2026-04-08T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60465
published_at 2026-04-04T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60433
published_at 2026-04-07T12:55:00Z
10
value 0.00397
scoring_system epss
scoring_elements 0.60438
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
2
reference_url https://bugs.ruby-lang.org/issues/19104
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://bugs.ruby-lang.org/issues/19104
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
6
reference_url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
7
reference_url https://github.com/sinatra/sinatra/issues/2120
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/issues/2120
8
reference_url https://github.com/sinatra/sinatra/pull/1823
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/1823
9
reference_url https://github.com/sinatra/sinatra/pull/2121
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/2121
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
reference_id 1118290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
reference_id 2403178
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
reference_id CVE-2025-61921
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
reference_id CVE-2025-61921.YML
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
14
reference_url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
15
reference_url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
fixed_packages
0
url pkg:gem/sinatra@4.2.0
purl pkg:gem/sinatra@4.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.2.0
aliases CVE-2025-61921, GHSA-mr3q-g2mv-mr4q
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tax5-a72w-mbhy
Fixing_vulnerabilities
0
url VCID-vy9q-nvxx-yfh5
vulnerability_id VCID-vy9q-nvxx-yfh5
summary 
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44028
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48154
published_at 2026-04-16T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-13T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.4809
published_at 2026-04-12T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48073
published_at 2026-04-02T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48094
published_at 2026-04-04T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-07T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48097
published_at 2026-04-08T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48115
published_at 2026-04-11T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48092
published_at 2026-04-09T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48149
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
3
reference_url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
5
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
6
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
7
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
8
reference_url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
9
reference_url https://github.com/sinatra/sinatra/pull/2010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/pull/2010
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
11
reference_url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
reference_id 1087290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
reference_id 2323117
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
14
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
reference_id base.rb%23L319
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
15
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
reference_id base.rb%23L323C1-L343C17
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
16
reference_url https://access.redhat.com/errata/RHSA-2024:10987
reference_id RHSA-2024:10987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10987
fixed_packages
0
url pkg:gem/sinatra@4.1.0
purl pkg:gem/sinatra@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.1.0
aliases CVE-2024-21510, GHSA-hxx2-7vcw-mqr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy9q-nvxx-yfh5
Risk_score2.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.1.0