MGASA-2023-0029 Updated ruby-sinatra packages fix security vulnerability
Potential reflected file download (RFD) vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename. CVE-2022-45442...
MGASA-2022-0280 Updated ruby-sinatra packages fix security vulnerability
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. CVE-2022-29970...