CVE-2025-61921
- EPSS 0.1%
- Veröffentlicht 10.10.2025 19:28:10
- Zuletzt bearbeitet 31.10.2025 16:27:16
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is use...
CVE-2022-45442
- EPSS 0.29%
- Veröffentlicht 28.11.2022 21:15:10
- Zuletzt bearbeitet 04.11.2025 16:15:52
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Dispos...
CVE-2022-29970
- EPSS 0.53%
- Veröffentlicht 02.05.2022 05:15:06
- Zuletzt bearbeitet 04.11.2025 16:15:49
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
CVE-2018-11627
- EPSS 0.4%
- Veröffentlicht 31.05.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:43
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
CVE-2018-7212
- EPSS 0.28%
- Veröffentlicht 18.02.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:48
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.