CVE-2018-11627

Опубликовано: 31 мая 2018

Источник: debian

EPSS Низкий

Описание

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

Пакет	Статус	Версия исправления	Релиз	Тип
ruby-sinatra	not-affected			package

https://github.com/sinatra/sinatra/issues/1428
Introduced by: https://github.com/sinatra/sinatra/commit/8f8df53ff29938ace79b31097c27d9cdac803b44
Fixed by: https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a

EPSS

Процентиль: 60%

0.00398

Низкий

CVE-2018-11627

CVSS3: 6.1

ubuntu

больше 7 лет назад

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

CVE-2018-11627

CVSS3: 6.1

redhat

больше 7 лет назад

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

CVE-2018-11627

CVSS3: 6.1

nvd

больше 7 лет назад

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

GHSA-mq35-wqvf-r23c

CVSS3: 6.1

github

больше 7 лет назад

Sinatra Cross-site Scripting vulnerability

EPSS

Процентиль: 60%

0.00398

Низкий