4 matches found
Reflected File Download
sinatra is vulnerable to reflected file download. The vulnerability exists because of missing validations of attachment function in base.rb which allows an attacker to perform untrusted file downloads...