Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sinatrarb sinatra vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue exists in Sinatra 2.0 prior to 2.2.3 and 3.0 prior to 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when th...
Sinatrarb Sinatra
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-29970
Sinatra prior to 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Sinatrarb Sinatra
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2018-11627
Sinatra prior to 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Sinatrarb Sinatra
Redhat Cloudforms 4.6
Redhat Cloudforms 4.7
5.9
CVSSv3
CVE-2018-1000119
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and previous versions contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This v...
Sinatrarb Rack-protection
Sinatrarb Rack-protection 2.0.0
5.3
CVSSv3
CVE-2018-7212
An issue exists in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x prior to 2.0.1 on Windows. Path traversal is possible via backslash characters.
Sinatrarb Sinatra 2.0.0
Sinatrarb Sinatra 2.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started