CVSSv3: 7.5

CVE-2022-29970

Published: 02/05/2022 Updated: 16/11/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector (CVSS v2): AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Sinatra prior to 2.2.0 does not validate that the expanded path matches public_dir when serving static files.


sinatrarb sinatra

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1014717 ruby-sinatra: CVE-2022-29970 Package: src:ruby-sinatra; Maintainer for src:ruby-sinatra is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Sun, 10 Jul 2022 18:15:04 UTC Severity: grave Tags: ...
Synopsis Important: pcs security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this u ...
Synopsis Important: pcs security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this u ...
Synopsis Important: pcs security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security ...
Synopsis Important: pcs security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security ...
Synopsis Important: pcs security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has ra ...
Synopsis Important: Satellite 6.12 Release Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixe ...
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated to confirm that it resolves inside the public directory, allowing files outside of the public directory to be served ...