308 matches found
USN-7664-1 ruby-sinatra vulnerabilities
It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. CVE-2022-29970 It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP...
USN-7664-1: Sinatra vulnerabilities
It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. CVE-2022-29970 It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP...
TencentOS Server 4: pcs (TSSA-2024:1080)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1080 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: pcs (TSSA-2023:0189)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0189 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2024-37116
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in sinatrateam Sinatra allows Stored XSS.This issue affects Sinatra: from n/a through 1.3...
CVE-2022-25208
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...
CVE-2022-25207
A cross-site request forgery CSRF vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...
CVE-2022-25209
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2019-1003086
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
The vulnerability of the Ruby Sinatra web application development framework, related to errors in handling input data, allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the Ruby Sinatra web application development framework is related to errors in processing input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information through the X-Forwarded-Host header...
ROS-20250326-04
A vulnerability in the Ruby Sinatra web application development framework is related to causing an Open Redirect Attack Attack by inserting an arbitrary address into this header. Exploiting the vulnerability allows an attacker, acting remotely, to gain access to sensitive data...
Linux Distros Unpatched Vulnerability : CVE-2024-21510
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When makin...
Linux Distros Unpatched Vulnerability : CVE-2018-1000119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures...
pcs security update
An update is available for pcs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...
pcs security update
0.10.18-2.0.1.el810.3 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.3 - Prevented any future HTTP header-based attacks on puma/sinatra by removing any headers not recognized by pcsd Resolves: RHEL-65595...
Moderate: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header
A flaw was found in Sinatra. This vulnerability allows an Open Redirect attack via the X-Forwarded-Host XFH header, potentially enabling Cache Poisoning or Server-Side Request Forgery SSRF when used in caching servers or reverse proxies...
Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header CVE-2024-21510 For more details about the security issues, including the impact, a CVSS score,...
ALSA-2024:10987 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header CVE-2024-21510 For more details about the security issues, including the impact, a CVSS score,...
OESA-2024-2490 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...