Количество 9
Количество 9
CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
CVE-2022-45442
Sinatra is a domain-specific language for creating web applications in ...
GHSA-2x8x-jmrp-phxw
Sinatra vulnerable to Reflected File Download attack
ELSA-2023-12150
ELSA-2023-12150: pcs security update (MODERATE)
ELSA-2023-12137
ELSA-2023-12137: pcs security update (MODERATE)
BDU:2024-01888
Уязвимость фреймворка разработки веб-приложений на Ruby Sinatra, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю выполнить произвольный код
ROS-20240524-03
Уязвимость rubygem-sinatra
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-45442 Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
 | CVE-2022-45442 Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
 | CVE-2022-45442 Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
| CVE-2022-45442 Sinatra is a domain-specific language for creating web applications in ... | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
| GHSA-2x8x-jmrp-phxw Sinatra vulnerable to Reflected File Download attack | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
| ELSA-2023-12150 ELSA-2023-12150: pcs security update (MODERATE) | больше 2 лет назад | ||
| ELSA-2023-12137 ELSA-2023-12137: pcs security update (MODERATE) | больше 2 лет назад | ||
 | BDU:2024-01888 Уязвимость фреймворка разработки веб-приложений на Ruby Sinatra, связанная с загрузкой кода без проверки его целостности, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 0% Низкий | почти 3 года назад |
 | ROS-20240524-03 Уязвимость rubygem-sinatra | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу