Commit

Added patched_versions to CVE 2024-21510 (#838)
---------

Co-authored-by: Postmodern <[email protected]>
ThomasKoppensteiner and postmodern authored Nov 19, 2024
1 parent 152f634 commit abe5f92
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions gems/sinatra/CVE-2024-21510.yml
Expand Up @@ -17,12 +17,16 @@ description: |
handling the X-Forwarded-Host header, attackers can potentially
exploit Cache Poisoning or Routing-based SSRF.
cvss_v3: 5.4
notes: Never patched
patched_versions:
- ">= 4.1.0"
related:
url:
- https://nvd.nist.gov/vuln/detail/CVE-2024-21510
- https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
- https://github.com/sinatra/sinatra/pull/2010
- https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
- https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
- https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
- https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
- https://github.com/sinatra/sinatra/issues/2052
- https://github.com/sinatra/sinatra/pull/2010
- https://github.com/sinatra/sinatra/pull/2053
- https://github.com/sinatra/sinatra/commit/cd3e00de20ddaff34ea30f7a74a7b9dad189d1d8
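
Review bot: the new `patched_versions` bound `">= 4.1.0"` is not verifiable from the `related` list as it stands. The added URLs cover the issue (#2052), the pull requests (#2010, #2053) and the fix commit cd3e00de, but nothing ties that commit to the 4.1.0 release, so a reader auditing the advisory has to check the tag by hand. Consider adding the release or changelog link for 4.1.0 next to the commit URL. Separately, `notes: Never patched` is dropped outright rather than replaced; if the fix needs any application configuration to take effect, keep a `notes:` line that says so, because the unchanged description still reads as an unconditional X-Forwarded-Host handling problem. Moving the GHSA and pull/2010 links below the two `base.rb` links is fine.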
