Vulnerabilities > Sinatrarb > Sinatra > 1.2.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-02 | CVE-2022-29970 | Path Traversal vulnerability in multiple products Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. | 7.5 |
| 2018-05-31 | CVE-2018-11627 | Cross-site Scripting vulnerability in multiple products Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | 4.3 |