Lucene search
Gentoo FoundationMGASA-2023-0029HistoryFeb 07, 2023 - 3:06 a.m.
Updated ruby-sinatra packages fix security vulnerability
2023-02-0703:06:39
Gentoo Foundation
advisories.mageia.org
47
ruby-sinatra
security
vulnerability
http
content-disposition
cve-2022-45442
unix
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.7%
Potential reflected file download (RFD) vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename. (CVE-2022-45442)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | ruby-sinatra | < 2.0.8.1-1.2 | ruby-sinatra-2.0.8.1-1.2.mga8 |
Related
nessus
nessus
RHEL 8 : pcs (RHSA-2023:0393)
2023-01-24 00:00:00
RHEL 8 : pcs (RHSA-2023:0857)
2023-02-21 00:00:00
AlmaLinux 9 : pcs (ALSA-2023:0974)
2023-02-28 00:00:00
ubuntucve
ubuntucve
CVE-2022-45442
2022-11-28 00:00:00
debian
debian
[SECURITY] [DLA 3264-1] ruby-sinatra security update
2023-01-10 19:00:22
oraclelinux
oraclelinux
pcs security update
2023-03-01 00:00:00
pcs security update
2023-02-22 00:00:00
osv
osv
Moderate: pcs security update
2023-02-28 00:00:00
ruby-sinatra - security update
2023-01-10 00:00:00
Moderate: pcs security update
2023-02-22 01:08:55
redhat
redhat
(RHSA-2023:0974) Moderate: pcs security update
2023-02-28 07:53:55
(RHSA-2023:0857) Moderate: pcs security update
2023-02-21 09:57:03
(RHSA-2023:0427) Moderate: pcs security update
2023-01-24 14:00:57
nvd
nvd
CVE-2022-45442
2022-11-28 21:15:10
almalinux
almalinux
Moderate: pcs security update
2023-02-28 00:00:00
Moderate: pcs security update
2023-02-21 00:00:00
cve
cve
CVE-2022-45442
2022-11-28 21:15:10
redhatcve
redhatcve
CVE-2022-45442
2022-12-14 13:36:10
rubygems
rubygems
Sinatra vulnerable to Reflected File Download attack
2022-11-29 21:00:00
rocky
rocky
pcs security update
2023-02-22 01:08:55
redos
redos
ROS-20240524-03
2024-05-24 00:00:00
cvelist
cvelist
CVE-2022-45442 Sinatra vulnerable to Reflected File Download attack
2022-11-28 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0029)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3264-1)
2023-01-11 00:00:00
Debian: Security Advisory (DLA-3877-1)
2024-09-06 00:00:00
github
github
Sinatra vulnerable to Reflected File Download attack
2022-11-30 21:18:34
prion
prion
Input validation
2022-11-28 21:15:00
veracode
veracode
Reflected File Download
2022-11-29 05:26:03
debiancve
debiancve
CVE-2022-45442
2022-11-28 21:15:10
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
77.7%
Related for MGASA-2023-0029