Sinatrarb Security Vulnerabilities

CVE-2022-45442

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is.....

CVSS: 8.8

AI Score: 8.3

EPSS: 0.002

2022-11-28 09:15 PM
CVE-2022-29970

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static...

CVSS: 7.5

AI Score: 7.4

EPSS: 0.002

2022-05-02 05:15 AM
CVE-2018-11627

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser...

CVSS: 6.1

AI Score: 5.8

EPSS: 0.001

2018-05-31 07:29 PM
CVE-2018-1000119

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing-attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to have....

CVSS: 5.9

AI Score: 6.4

EPSS: 0.002

2018-03-07 02:29 PM
CVE-2018-7212

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash...

CVSS: 5.3

AI Score: 5.2

EPSS: 0.001

2018-02-18 06:29 AM