Vulnerabilities > Sinatrarb

DATE CVE VULNERABILITY TITLE RISK
2022-11-28 CVE-2022-45442 Download of Code Without Integrity Check vulnerability in multiple products
Sinatra is a domain-specific language for creating web applications in Ruby.
network
low complexity
sinatrarb debian CWE-494
8.8
2022-05-02 CVE-2022-29970 Path Traversal vulnerability in multiple products
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
network
low complexity
sinatrarb debian CWE-22
7.5
2018-05-31 CVE-2018-11627 Cross-site Scripting vulnerability in multiple products
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
4.3
2018-03-07 CVE-2018-1000119 Information Exposure Through Discrepancy vulnerability in Sinatrarb Rack-Protection 2.0.0
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed.
network
sinatrarb CWE-203
4.3
2018-02-18 CVE-2018-7212 Path Traversal vulnerability in Sinatrarb Sinatra 2.0.0/2.0.1
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows.
network
low complexity
sinatrarb microsoft CWE-22
5.0