CVE-2022-29970

Description

A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served.

Mitigation

Disable the static setting, which also disables the public_dir setting. With this configuration, Sinatra does not serve files from the public directory at all, and therefore cannot serve files outside of it either.
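The mitigation above corresponds to set :static, false in a Sinatra application. Where static serving must stay enabled, the missing piece is a containment check that resolves the requested path against the public directory and refuses anything that lands outside it. The following is an added example of such a check; it is not the advisory's text, not Sinatra's own static handler and not the upstream fix, and the directory /srv/app/public and the function names are constructed for illustration.

```ruby
# Added example (not from the advisory or from Sinatra itself): a
# containment check of the kind a static-file handler needs so that a
# request path can never resolve outside the public directory.

# Minimal percent-decoder so "%2e%2e" is normalised like a literal "..".
# Kept local so the example runs without a web framework loaded.
def percent_decode(str)
  str.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
end

# Resolve +request_path+ (the URL path of an HTTP request) against
# +public_dir+. Returns the absolute filesystem path when it stays inside
# the public directory, or nil when it would escape. Nothing is read from
# disk; both arguments are plain strings.
def safe_public_path(public_dir, request_path)
  base = File.expand_path(public_dir)
  rel = percent_decode(request_path)

  # NUL bytes can truncate the path in lower layers; refuse them.
  return nil if rel.include?("\0")

  rel = rel.sub(%r{\A/+}, "")
  # File.expand_path treats a leading "~" as a home directory and ignores
  # the base, so a relative path must never start with it.
  return nil if rel.start_with?("~")

  candidate = File.expand_path(rel, base)

  # Compare with a trailing separator so a sibling such as
  # "/srv/app/public_old" is not accepted as being inside "/srv/app/public".
  inside = candidate == base || candidate.start_with?(base + File::SEPARATOR)
  inside ? candidate : nil
end

if $PROGRAM_NAME == __FILE__
  base = "/srv/app/public" # constructed path; it need not exist on disk
  ["/css/app.css", "/img/../index.html", "/../config/secrets.yml",
   "/%2e%2e/%2e%2e/etc/passwd"].each do |p|
    puts "#{p.ljust(28)} -> #{safe_public_path(base, p).inspect}"
  end
end
```

The check normalises before comparing, so a path that walks into a subdirectory and back out (/img/../index.html) is still accepted, while anything whose normalised form leaves the public directory, percent-encoded or not, is rejected before any file is opened.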

Additional Information

  • Bugzilla 2081096: CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • FAQ: Frequently asked questions about CVE-2022-29970