39 matches found
Astra Linux - уязвимость в ruby-sinatra
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there was a denial-of-service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method was used when constructing the response. Carefully crafted...
SUSE CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
Sinatra is vulnerable to ReDoS through ETag header value generation
Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
DEBIAN-CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
UBUNTU-CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921
CVE-2025-61921 affects Sinatra up to version 4.1.x (pre-4.2.0), where parsing of If-Match and If-None-Match headers during response construction with etag can consume excessive time, enabling a possible DoS. The issue is tied to the header parsing component and impacts applications using the etag...
EUVD-2025-33767
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
Sinatra 安全漏洞
Sinatra is a Sinatra open source DSL for quickly creating web applications in Ruby with minimal effort A security vulnerability exists in Sinatra versions prior to 4.2.0 that stems from a flaw in the If-Match and If-None-Match header parsing components that could lead to a denial of service attac...
PT-2025-41597
Name of the Vulnerable Software and Affected Versions Sinatra versions prior to 4.2.0 Description Sinatra, a domain-specific language for creating web applications in Ruby, contains an issue where carefully crafted input can cause excessive processing time during the parsing of If-Match and...
Sinatra is vulnerable to ReDoS through ETag header value generation
Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
Linux Distros Unpatched Vulnerability : CVE-2023-22795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If- None-Match header. A specially crafted HTTP If-None-Match...
org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
A flaw was found in the Spring Web org.springframework:spring-web package. Due to improper ETag prefix validation when the application parses ETags from the If-Match or If-None-Match request headers, an attacker can trigger a denial of service by sending a maliciously crafted conditional HTTP...
DEBIAN-CVE-2024-38809
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...
UBUNTU-CVE-2024-38809
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...
CVE-2024-38809
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...
CVE-2024-38809
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...