Search CVE reports
1 – 4 of 4 results
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to...
1 affected package
ruby-sinatra
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-sinatra | Ignored | Ignored | Ignored | Ignored |
Some fixes available: 4 of 5
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that...
1 affected package
ruby-sinatra
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-sinatra | Not affected | Fixed | Fixed | Fixed |
Some fixes available: 4 of 5
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
1 affected package
ruby-sinatra
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-sinatra | Not affected | Fixed | Fixed | Fixed |
Some fixes available: 4 of 9
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
1 affected package
ruby-sinatra
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-sinatra | — | Fixed | Fixed | Not affected |