Description
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Versions 2.2.3 and 3.0.4 contain patches for this issue.
Release | Status | Note |
---|---|---|
bionic | ignored | end of standard support, was needed |
devel | not-affected | 3.0.5-3 |
esm-apps/bionic | released | 1.4.8-1ubuntu0.1~esm2 |
esm-apps/focal | released | 2.0.8.1-1ubuntu0.1~esm2 |
esm-apps/jammy | released | 2.0.8.1-2+deb11u1build0.22.04.1 |
esm-apps/xenial | released | 1.4.7-3ubuntu0.1~esm2 |
focal | ignored | end of standard support, was needed |
jammy | released | 2.0.8.1-2+deb11u1build0.22.04.1 |
kinetic | ignored | end of life, was needed |
lunar | not-affected | 3.0.5-3 |
CVSS3: 8.8 High
Related vulnerabilities
Sinatra is a domain-specific language for creating web applications in ...
Sinatra vulnerable to Reflected File Download attack