Sinatrarb Sinatra
By the Year
In 2024 there have been 0 vulnerabilities in Sinatrarb Sinatra. Sinatra did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 2 | 8.15 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 6.10 |
It may take a day or so for new Sinatra vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Sinatrarb Sinatra Security Vulnerabilities
Sinatra is a domain-specific language for creating web applications in Ruby
CVE-2022-45442
8.8 - High - November 28, 2022
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Versions 2.2.3 and 3.0.4 contain patches for this issue.
Download of Code Without Integrity Check
Sinatra before 2.2.0 does not validate
CVE-2022-29970
7.5 - High - May 02, 2022
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Directory traversal
Sinatra before 2.0.2 has XSS via the 400 Bad Request page
CVE-2018-11627
6.1 - Medium - May 31, 2018
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
XSS