Sinatrarb Sinatra
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sinatrarb Sinatra.
By the Year
In 2025 there have been 0 vulnerabilities in Sinatrarb Sinatra. Sinatra did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 8.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.10 |
It may take a day or so for new Sinatra vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sinatrarb Sinatra Security Vulnerabilities
Sinatra is a domain-specific language for creating web applications in Ruby
CVE-2022-45442
8.8 - High
- November 28, 2022
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
Download of Code Without Integrity Check
Sinatra before 2.2.0 does not validate
CVE-2022-29970
- May 02, 2022
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Sinatra before 2.0.2 has XSS via the 400 Bad Request page
CVE-2018-11627
6.1 - Medium
- May 31, 2018
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sinatrarb Sinatra or by Sinatrarb? Click the Watch button to subscribe.
