CVE-2018-11627

Опубликовано: 22 мая 2018

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ceph Storage 1.3	rubygem-sinatra	Not affected
Red Hat Enterprise Linux 6	pcs	Not affected
Red Hat Enterprise Linux 7	pcs	Not affected
Red Hat Enterprise Linux 8	pcs	Not affected
Red Hat Enterprise Linux 8	rubygem-sinatra	Not affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools	rubygem-sinatra	Not affected
Red Hat Enterprise MRG 2	rubygem-sinatra	Not affected
Red Hat OpenStack Platform 10 (Newton) Operational Tools	rubygem-sinatra	Not affected
Red Hat OpenStack Platform 12 (Pike) Operational Tools	rubygem-sinatra	Not affected
Red Hat OpenStack Platform 8 (Liberty) Operational Tools	rubygem-sinatra	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1585218rubygem-sinatra: XSS in the 400 Bad Request page

EPSS

Процентиль: 60%

0.00398

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2018-11627

CVSS3: 6.1

ubuntu

больше 7 лет назад

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

CVE-2018-11627

CVSS3: 6.1

nvd

больше 7 лет назад

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

CVE-2018-11627

CVSS3: 6.1

debian

больше 7 лет назад

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ...

GHSA-mq35-wqvf-r23c

CVSS3: 6.1

github

больше 7 лет назад

Sinatra Cross-site Scripting vulnerability

EPSS

Процентиль: 60%

0.00398

Низкий

6.1 Medium

CVSS3