Vulnerabilities > Sinatrarb > Sinatra > 1.1.0

DATE CVE VULNERABILITY TITLE RISK
2022-05-02 CVE-2022-29970 Path Traversal vulnerability in multiple products
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
network
low complexity
sinatrarb debian CWE-22
7.5
7.5
2018-05-31 CVE-2018-11627 Cross-site Scripting vulnerability in multiple products
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
network
low complexity
sinatrarb redhat CWE-79
6.1
6.1