Sinatrarb Sinatra 2.0.0 Release Candidate 1

CPE Details

Sinatrarb Sinatra 2.0.0 Release Candidate 1
sinatrarb
sinatra
2.0.0
2018-04-12
11h33 +00:00
2018-04-12
11h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc1:*:*:*:*:*:*

Informations

Vendor

sinatrarb

Product

sinatra

Version

2.0.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-45442 2022-11-27 23h00 +00:00 Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
8.8
High
CVE-2022-29970 2022-05-01 22h00 +00:00 Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
7.5
High
CVE-2018-11627 2018-05-31 17h00 +00:00 Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
6.1
Medium
CVE-2018-7212 2018-02-18 05h00 +00:00 An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
5.3
Medium