Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sinatrarb sinatra vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-7212
An issue exists in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x prior to 2.0.1 on Windows. Path traversal is possible via backslash characters.
Sinatrarb Sinatra 2.0.0
Sinatrarb Sinatra 2.0.1
5
CVSSv2
CVE-2022-29970
Sinatra prior to 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Sinatrarb Sinatra
Debian Debian Linux 10.0
NA
CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue exists in Sinatra 2.0 prior to 2.2.3 and 3.0 prior to 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when th...
Sinatrarb Sinatra
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2018-11627
Sinatra prior to 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Sinatrarb Sinatra
Redhat Cloudforms 4.7
Redhat Cloudforms 4.6
4.3
CVSSv2
CVE-2018-1000119
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and previous versions contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This v...
Sinatrarb Rack-protection 2.0.0
Sinatrarb Rack-protection
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started