4 matches found
Reflected File Download
sinatra is vulnerable to reflected file download. The vulnerability exists because of missing validation in the attachment function in base.rb, which allows an attacker to perform untrusted file downloads...
Privilege Escalation
sinatra is vulnerable to Privilege Escalation. The vulnerability exists in the static! function in base.rb because it doesn't validate that the expanded path matches public_dir when serving static files, which allows an attacker to gain access to the system and perform unauthorized actions...
actionpack Path Traversal vulnerability
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...
CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...