Description
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application that sets the Content-Disposition header of a response with a filename derived from user-supplied input is vulnerable to a reflected file download (RFD) attack. Versions 2.2.3 and 3.0.4 contain patches for this issue.
A flaw was found in Sinatra, a domain-specific language for creating web applications in Ruby. An application that sets the Content-Disposition header of a response with a filename derived from user-supplied input is vulnerable to a reflected file download (RFD) attack.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | | |
| Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2023:0855 | 21.02.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | pcs | Fixed | RHSA-2023:0857 | 21.02.2023 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | pcs | Fixed | RHSA-2023:0393 | 24.01.2023 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | pcs | Fixed | RHSA-2023:0393 | 24.01.2023 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | pcs | Fixed | RHSA-2023:0506 | 30.01.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | pcs | Fixed | RHSA-2023:0427 | 24.01.2023 |
| Red Hat Enterprise Linux 9 | pcs | Fixed | RHSA-2023:0974 | 28.02.2023 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | pcs | Fixed | RHSA-2023:0527 | 30.01.2023 |
Additional information
CVSS3: 8.8 High