10 matches found
SUSE CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
CVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...
sinatra
This is the official repository for the Sinatra web framework. It is a DSL (Domain Specific Language) for web development, allowing developers to create web applications in a concise and elegant way. The repository contains the core code for Sinatra, as well as various plugins and extensions. The...
sinatra
This is a Sinatra repository, a DSL for creating web applications in Ruby with minimal effort. The repository contains various files, including a .github/workflows/test.yml file that defines a GitHub Actions workflow for testing, and a Gemfile that lists dependencies for the project. The Gemfile...
USN-7664-1 ruby-sinatra vulnerabilities
It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. (CVE-2022-29970) It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP...
PT-2024-27312 · Sinatra · Sinatra
Name of the Vulnerable Software and Affected Versions: Sinatra versions through 1.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versions through...
Sinatra security vulnerability
Sinatra is a DSL for easily creating web applications in Ruby. A security vulnerability exists in Sinatra version 2.0 up to and including version 2.2.3, and version 3.0 up to and including version 3.0.4, which stems from an application being vulnerable to a Reflected File Download (RFD) attack when...
smashing cross-site scripting vulnerability
smashing is a software application. A framework based on Sinatra. A cross-site scripting vulnerability exists in Smashing 1.3.4, which stems from the ability to craft a URL for a widget and use it to execute JavaScript on a victim's computer...
rack-protection: Timing attack in authenticity_token.rb
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to hav...
Sinatra rack-protection cross-site request forgery vulnerability
Sinatra rack-protection is a component used in Sinatra to defend against web tools. A security vulnerability exists in the detection of cross-site request forgery tokens in Sinatra rack-protection 1.5.4 and 2.0.0.rc3 and earlier versions. An attacker can exploit this vulnerability to obtain a...