Lucene search
+L

308 matches found

osv
osv
added 2025/07/22 12:17 p.m.6 views

USN-7664-1 ruby-sinatra vulnerabilities

It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. CVE-2022-29970 It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP...

8.8CVSS6.4AI score0.02059EPSS
Exploits1References3
ubuntu
ubuntu
added 2025/07/22 12:17 p.m.6 views

USN-7664-1: Sinatra vulnerabilities

It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. CVE-2022-29970 It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP...

8.8CVSS6.9AI score0.02059EPSS
Exploits1
nessus
nessus
added 2025/06/16 12:0 a.m.8 views

TencentOS Server 4: pcs (TSSA-2024:1080)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1080 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.4CVSS7.1AI score0.00476EPSS
Exploits0References2
nessus
nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 3: pcs (TSSA-2023:0189)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0189 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.8CVSS7.2AI score0.00642EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/05/23 7:42 a.m.14 views

CVE-2024-37116

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in sinatrateam Sinatra allows Stored XSS.This issue affects Sinatra: from n/a through 1.3...

6.5CVSS6.8AI score0.00261EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 1:25 a.m.8 views

CVE-2022-25208

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS6.6AI score0.01097EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 12:4 a.m.9 views

CVE-2022-25207

A cross-site request forgery CSRF vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response...

8.8CVSS6.8AI score0.00717EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:36 p.m.6 views

CVE-2022-25209

Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS6.7AI score0.01107EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:7 a.m.11 views

CVE-2019-1003086

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01296EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2025/04/07 12:0 a.m.7 views

The vulnerability of the Ruby Sinatra web application development framework, related to errors in handling input data, allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of the Ruby Sinatra web application development framework is related to errors in processing input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of protected information through the X-Forwarded-Host header...

6.4CVSS6.2AI score0.00476EPSS
Exploits0References10Affected Software7
redos
redos
added 2025/03/26 12:0 a.m.11 views

ROS-20250326-04

A vulnerability in the Ruby Sinatra web application development framework is related to causing an Open Redirect Attack Attack by inserting an arbitrary address into this header. Exploiting the vulnerability allows an attacker, acting remotely, to gain access to sensitive data...

5.4CVSS7.4AI score0.00476EPSS
Exploits0
nessus
nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-21510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When makin...

5.4CVSS6.4AI score0.00476EPSS
Exploits0References3
nessus
nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures...

5.9CVSS6.6AI score0.0245EPSS
Exploits0References2
rocky
rocky
added 2024/12/19 4:18 a.m.18 views

pcs security update

An update is available for pcs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...

5.4CVSS6.8AI score0.00476EPSS
Exploits0
oraclelinux
oraclelinux
added 2024/12/13 12:0 a.m.18 views

pcs security update

0.10.18-2.0.1.el810.3 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.3 - Prevented any future HTTP header-based attacks on puma/sinatra by removing any headers not recognized by pcsd Resolves: RHEL-65595...

5.4CVSS6.9AI score0.00476EPSS
Exploits0
redhat
redhat
added 2024/12/12 10:1 a.m.18 views

Moderate: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

5.4CVSS6.7AI score0.00476EPSS
Exploits0References2
redhat
redhat
added 2024/12/12 10:1 a.m.2 views

sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header

A flaw was found in Sinatra. This vulnerability allows an Open Redirect attack via the X-Forwarded-Host XFH header, potentially enabling Cache Poisoning or Server-Side Request Forgery SSRF when used in caching servers or reverse proxies...

5.4CVSS5.7AI score0.00476EPSS
Exploits0References8
almalinux
almalinux
added 2024/12/12 12:0 a.m.8 views

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header CVE-2024-21510 For more details about the security issues, including the impact, a CVSS score,...

5.4CVSS7.3AI score0.00476EPSS
Exploits0References4
osv
osv
added 2024/12/12 12:0 a.m.8 views

ALSA-2024:10987 Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header CVE-2024-21510 For more details about the security issues, including the impact, a CVSS score,...

5.4CVSS5.8AI score0.00476EPSS
Exploits0References4
osv
osv
added 2024/11/29 11:57 a.m.4 views

OESA-2024-2490 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
Rows per page
Query Builder