Regular Expression Denial Of Service (ReDoS)
sinatra is vulnerable to Denial-Of-Service. The vulnerability is due to inefficient header parsing when the etag method is used, allowing attackers to send crafted headers that consume excessive CPU time and cause denial of service...
GHSA-MR3Q-G2MV-MR4Q Sinatra is vulnerable to ReDoS through ETag header value generation
Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
EUVD-2024-3268
Malicious code in bioql PyPI...
EUVD-2022-7200
Malicious code in bioql PyPI...
EUVD-2024-36439
Malicious code in bioql PyPI...
CVE-2024-37116
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS. This issue affects Sinatra: from n/a through 1.3...
ROS-20250326-04
A vulnerability in the Ruby Sinatra web application development framework is related to causing an Open Redirect Attack by inserting an arbitrary address into this header. Exploiting the vulnerability allows an attacker, acting remotely, to gain access to sensitive data...
Moderate: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
ALSA-2024:10987 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header CVE-2024-21510 For more details about the security issues, including the impact, a CVSS score,...
SUSE CVE-2024-21510
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into...
DEBIAN-CVE-2024-21510
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into...
pcs security update
An update is available for pcs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...
SUSE CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...
Resources Downloaded over Insecure Protocol
Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to improper validation of the Content-Disposition header when the filename was provided by the user. Exploiting this vulnerability results in a reflected file download RFD attack...
DEBIAN-CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...
CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...
PT-2022-7277 · Sinatra +8
Name of the Vulnerable Software and Affected Versions: Sinatra versions 2.0 through 2.2.2 Sinatra versions 3.0 through 3.0.3 Description: The issue is related to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is derived from...
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Sinatra Path Traversal Vulnerability
Sinatra is a DSL for easily creating web applications in Ruby. A path traversal vulnerability exists in Sinatra versions prior to 2.2.0, which stems from not verifying that the extension path matches publicdir when serving static files...
rubygem-sinatra: XSS in the 400 Bad Request page
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception...