Skip to main content

Sinatra

5 CVEs product

Monthly

CVE-2024-37116 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sinatra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-45442 Ruby HIGH POC PATCH This Week

Sinatra is a domain-specific language for creating web applications in Ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sinatra Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29970 Ruby HIGH PATCH This Week

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinatra Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-11627 Ruby MEDIUM POC PATCH This Month

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sinatra Cloudforms
NVD GitHub
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-7212 Ruby MEDIUM PATCH This Month

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Sinatra
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sinatra
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Sinatra is a domain-specific language for creating web applications in Ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sinatra Debian Linux
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinatra Debian Linux
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sinatra Cloudforms
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Sinatra
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy