Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is.....
8.8CVSS
8.3AI Score
0.003EPSS
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static...
7.5CVSS
7.4AI Score
0.002EPSS
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML...
8.8CVSS
8.4AI Score
0.001EPSS
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE)...
8.8CVSS
8.6AI Score
0.001EPSS
A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML...
8.8CVSS
8.6AI Score
0.001EPSS
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified...
6.5CVSS
6.3AI Score
0.002EPSS
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified...
6.5CVSS
6.2AI Score
0.001EPSS
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser...
6.1CVSS
5.8AI Score
0.001EPSS
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash...
5.3CVSS
5.2AI Score
0.001EPSS