303 matches found
Astra Linux - vulnerability in ruby-sinatra
Sinatra is a domain-specific language for creating web applications in Ruby. A vulnerability was discovered in Sinatra 2.0 before version 2.2.3 and 3.0 before version 3.0.4. The application is vulnerable to a reflected file download (RFD) attack, which causes the Content-Disposition header of a...
Astra Linux - vulnerability in ruby-sinatra
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there was a denial-of-service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method was used when constructing the response. Carefully crafted...
Astra Linux - vulnerability in ruby-sinatra
Sinatra versions before 2.2.0 do not validate that the expanded path matches public_dir when serving static files...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005306)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005306 advisory. Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a...
MiracleLinux 8 : pcs-0.10.18-2.el8_10.3.ML.1 (AXSA:2024-9389:07)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9389:07 advisory. sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header (CVE-2024-21510). Tenable has extracted the preceding description block directly fro...
MiracleLinux 8 : pcs-0.10.12-6.el8.1.ML.1 (AXSA:2022-3740:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3740:04 advisory. sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970). Tenable has extracted the preceding description block directly...
MiracleLinux 8 : pcs-0.10.14-5.el8.2.ML.1 (AXSA:2023-5163:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5163:05 advisory. sinatra: Reflected File Download attack (CVE-2022-45442). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
Regular Expression Denial Of Service (ReDoS)
sinatra is vulnerable to Denial-Of-Service. The vulnerability is due to inefficient header parsing when the etag method is used, allowing attackers to send crafted headers that consume excessive CPU time and cause denial of service...
CVE-2025-61921
A flaw was found in Sinatra. A Regular Expression Denial of Service (ReDoS) vulnerability can be triggered when parsing the If-Match and If-None-Match HTTP headers. A remote attacker can exploit this issue by sending a specially crafted header to an application endpoint that uses the etag method,...
Linux Distros Unpatched Vulnerability : CVE-2025-61921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the...
SUSE CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
Sinatra is vulnerable to ReDoS through ETag header value generation
Summary: There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
GHSA-MR3Q-G2MV-MR4Q Sinatra is vulnerable to ReDoS through ETag header value generation
Summary: There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
DEBIAN-CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
UBUNTU-CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
EUVD-2025-33767
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921
CVE-2025-61921 affects Sinatra up to version 4.1.x (pre-4.2.0), where parsing of If-Match and If-None-Match headers during response construction with etag can consume excessive time, enabling a possible DoS. The issue is tied to the header parsing component and impacts applications using the etag...
CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...