
Summary

  Vendor            Sinatrarb
  Product           Sinatra
  Version           2.0.0
  Update            rc5
  Edition           *
  Language          *
  Software Edition  *
  Target Software   *
  Target Hardware   *
  Other             *

Detail

  First view  2018-02-18
  Last view   2022-11-28
  Type        Application

CPE Product  cpe:2.3:a:sinatrarb:sinatra

Activity : Overall

Related : CVE

  Score  Date  Alert
  Description
8.8 2022-11-28 CVE-2022-45442

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.

7.5 2022-05-02 CVE-2022-29970

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

6.1 2018-05-31 CVE-2018-11627

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

5.3 2018-02-18 CVE-2018-7212

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.

CWE : Common Weakness Enumeration

  %  (count)  id  Name
66% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Nessus® Vulnerability Scanner

  Date  Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-3f61c5cf7c.nasl - Type: ACT_GATHER_INFO
2018-08-02 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_ca05d9daac1d41138a05ffe9cd0d6160.nasl - Type: ACT_GATHER_INFO
2018-06-25 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0b17e1e529.nasl - Type: ACT_GATHER_INFO