sinatra
RubyGems · 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sinatra (page 1 of 1)
- CVE-2018-11627 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.0.2 | 2018-05-31
vulnerable: 2.0.0, 2.0.1, 2.0.1.rc1
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
- CVE-2018-7212 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.0.1 | 2018-02-18
vulnerable: 2.0.0 ... 2.0.1.rc1 (8 versions)
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
- CVE-2022-29970 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.2.0 | 2022-05-02
vulnerable: 0.1.0 ... 2.1.0 (88 versions)
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
- CVE-2022-45442 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.2.3 | 2022-11-28
vulnerable: 2.0.0 ... 2.2.2 (15 versions)
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Con…
- CVE-2024-21510 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 4.1.0 | 2024-11-01
vulnerable: 0.1.0 ... 4.0.1 (104 versions)
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an O…
- CVE-2025-61921 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.2.0 | 2025-10-10
vulnerable: 0.1.0 ... 4.1.1 (106 versions)
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` me…