4 matches found
EUVD-2025-33767
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921
CVE-2025-61921 affects Sinatra up to version 4.1.x (pre-4.2.0), where parsing of If-Match and If-None-Match headers during response construction with etag can consume excessive time, enabling a possible DoS. The issue is tied to the header parsing component and impacts applications using the etag...
CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
PT-2025-41597
Name of the Vulnerable Software and Affected Versions Sinatra versions prior to 4.2.0 Description Sinatra, a domain-specific language for creating web applications in Ruby, contains an issue where carefully crafted input can cause excessive processing time during the parsing of If-Match and...