Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-sinatra@4.1.1-2?distro=trixie
Type deb
Namespace debian
Name ruby-sinatra
Version 4.1.1-2
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 4.2.1-1
Latest_non_vulnerable_version 4.2.1-3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-vy9q-nvxx-yfh5
vulnerability_id VCID-vy9q-nvxx-yfh5
summary
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43225
published_at 2026-05-15T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43204
published_at 2026-05-14T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43141
published_at 2026-05-12T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.43111
published_at 2026-05-11T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43172
published_at 2026-05-09T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43081
published_at 2026-05-05T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43156
published_at 2026-05-07T12:55:00Z
7
value 0.00215
scoring_system epss
scoring_elements 0.43979
published_at 2026-04-24T12:55:00Z
8
value 0.00215
scoring_system epss
scoring_elements 0.43983
published_at 2026-04-26T12:55:00Z
9
value 0.00215
scoring_system epss
scoring_elements 0.43898
published_at 2026-04-29T12:55:00Z
10
value 0.00215
scoring_system epss
scoring_elements 0.44028
published_at 2026-04-21T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48094
published_at 2026-04-04T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.48149
published_at 2026-04-18T12:55:00Z
13
value 0.00248
scoring_system epss
scoring_elements 0.48154
published_at 2026-04-16T12:55:00Z
14
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-13T12:55:00Z
15
value 0.00248
scoring_system epss
scoring_elements 0.4809
published_at 2026-04-12T12:55:00Z
16
value 0.00248
scoring_system epss
scoring_elements 0.48115
published_at 2026-04-11T12:55:00Z
17
value 0.00248
scoring_system epss
scoring_elements 0.48092
published_at 2026-04-09T12:55:00Z
18
value 0.00248
scoring_system epss
scoring_elements 0.48097
published_at 2026-04-08T12:55:00Z
19
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-07T12:55:00Z
20
value 0.00248
scoring_system epss
scoring_elements 0.48073
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
3
reference_url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
5
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
6
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
7
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
8
reference_url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
9
reference_url https://github.com/sinatra/sinatra/pull/2010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/pull/2010
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
11
reference_url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
reference_id 1087290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
reference_id 2323117
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
14
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
reference_id base.rb%23L319
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
15
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
reference_id base.rb%23L323C1-L343C17
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
16
reference_url https://access.redhat.com/errata/RHSA-2024:10987
reference_id RHSA-2024:10987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10987
fixed_packages
0
url pkg:deb/debian/ruby-sinatra@4.1.1-2?distro=trixie
purl pkg:deb/debian/ruby-sinatra@4.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-sinatra@4.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-sinatra@4.1.1-5?distro=trixie
purl pkg:deb/debian/ruby-sinatra@4.1.1-5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-sinatra@4.1.1-5%3Fdistro=trixie
2
url pkg:deb/debian/ruby-sinatra@4.2.1-3?distro=trixie
purl pkg:deb/debian/ruby-sinatra@4.2.1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-sinatra@4.2.1-3%3Fdistro=trixie
aliases CVE-2024-21510, GHSA-hxx2-7vcw-mqr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy9q-nvxx-yfh5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-sinatra@4.1.1-2%3Fdistro=trixie