5 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-45442 – Sinatra vulnerable to Reflected File Download attack

https://notcve.org/view.php?id=CVE-2022-45442

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. Sinatra es un lenguaje de dominio específico para crear aplicaciones web en Ruby. • https://github.com/advisories/GHSA-8x94-hmjh-97hq https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw https://lists.debian.org/debian-lts-announce/2023/01/msg00005.html https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf https://access.redhat.com/security/cve/CVE-2022-45442 https://bugzilla.redhat.com/show_bug.cgi?id=2153363 • CWE-494: Download of Code Without Integrity Check •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-29970 – sinatra: path traversal possible outside of public_dir when serving static files

https://notcve.org/view.php?id=CVE-2022-29970

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Sinatra versiones anteriores a 2.2.0, no comprueba que la ruta expandida coincida con public_dir cuando sirve archivos estáticos A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served. • https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html https://access.redhat.com/security/cve/CVE-2022-29970 https://bugzilla.redhat.com/show_bug.cgi?id=2081096 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1

CVE-2018-11627 – rubygem-sinatra: XSS in the 400 Bad Request page

https://notcve.org/view.php?id=CVE-2018-11627

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. Sinatra en versiones anteriores a la 2.0.2 tiene Cross-Site Scripting (XSS) a través de la página 400 Bad Request que se produce en una excepción del analizador de parámetros. • https://access.redhat.com/errata/RHSA-2019:0212 https://access.redhat.com/errata/RHSA-2019:0315 https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a https://github.com/sinatra/sinatra/issues/1428 https://access.redhat.com/security/cve/CVE-2018-11627 https://bugzilla.redhat.com/show_bug.cgi?id=1585218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-1000119 – rack-protection: Timing attack in authenticity_token.rb

https://notcve.org/view.php?id=CVE-2018-1000119

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0. Sinatra rack-protection, en versiones 1.5.4, 2.0.0.rc3 y anteriores, contiene una vulnerabilidad de ataque de sincronización en la comprobación de token CSRF que puede resultar en que las firmas queden expuestas. Este ataque parece ser explotable mediante conectividad de red en la aplicación Ruby. • https://access.redhat.com/errata/RHSA-2018:1060 https://github.com/sinatra/rack-protection/pull/98 https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109 https://www.debian.org/security/2018/dsa-4247 https://access.redhat.com/security/cve/CVE-2018-1000119 https://bugzilla.redhat.com/show_bug.cgi?id=1534027 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •

CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-7212

https://notcve.org/view.php?id=CVE-2018-7212

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. Se ha descubierto un problema en rack-protection/lib/rack/protection/path_traversal.rb en las versiones 2.x de Sinatra anteriores a la 2.0.1 en Windows. Es posible el salto de directorio mediante caracteres de barra diagonal invertida. • https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c https://github.com/sinatra/sinatra/pull/1379 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •