VersionEye 2.0

Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision

Published date: 2024-11-01T06:30:34Z

CVE: CVE-2024-21510

Links:

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

Affected versions: ["2.0.8", "2.0.7", "2.0.5", "2.0.3", "2.0.2", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc1", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.3.5", "1.3.3", "1.3.0.f", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.2.9", "1.2.8", "1.2.6", "1.2.2", "1.2.0", "1.1.4", "1.1.3", "1.1.b", "1.1.a", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.1.6", "0.1.0", "2.1.0", "2.0.8.1", "2.0.6", "2.0.4", "2.0.1", "2.0.0.rc2", "2.0.0.beta2", "1.4.6", "1.4.5", "1.4.4", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.4", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.e", "1.3.0.a", "1.2.7", "1.2.3", "1.2.1", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.2", "1.1.0", "1.0", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.5", "2.2.0", "2.2.1", "2.2.2", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "2.2.3", "3.0.4", "3.0.5", "2.2.4", "3.0.6", "3.1.0", "3.2.0", "4.0.0"]

Secure versions: [4.0.1, 4.1.0, 4.1.1]

Recommendation: Update to version 4.1.1.

sinatra does not validate expanded path matches

Published date: 2022-05-03T00:00:43Z

CVE: CVE-2022-29970

Links:

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Affected versions: ["2.0.8", "2.0.7", "2.0.5", "2.0.3", "2.0.2", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc1", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.3.5", "1.3.3", "1.3.0.f", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.2.9", "1.2.8", "1.2.6", "1.2.2", "1.2.0", "1.1.4", "1.1.3", "1.1.b", "1.1.a", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.1.6", "0.1.0", "2.1.0", "2.0.8.1", "2.0.6", "2.0.4", "2.0.1", "2.0.0.rc2", "2.0.0.beta2", "1.4.6", "1.4.5", "1.4.4", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.4", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.e", "1.3.0.a", "1.2.7", "1.2.3", "1.2.1", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.2", "1.1.0", "1.0", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.5"]

Secure versions: [4.0.1, 4.1.0, 4.1.1]

Recommendation: Update to version 4.1.1.

sinatra does not validate expanded path matches

Published date: 2022-05-03

CVE: 2022-29970

CVSS V2: 5.0

CVSS V3: 7.5

Links:

https://github.com/sinatra/sinatra/pull/1683

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Affected versions: ["2.0.8", "2.0.7", "2.0.5", "2.0.3", "2.0.2", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc1", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.3.5", "1.3.3", "1.3.0.f", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.2.9", "1.2.8", "1.2.6", "1.2.2", "1.2.0", "1.1.4", "1.1.3", "1.1.b", "1.1.a", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.1.6", "0.1.0", "2.1.0", "2.0.8.1", "2.0.6", "2.0.4", "2.0.1", "2.0.0.rc2", "2.0.0.beta2", "1.4.6", "1.4.5", "1.4.4", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.4", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.e", "1.3.0.a", "1.2.7", "1.2.3", "1.2.1", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.2", "1.1.0", "1.0", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.5"]

Secure versions: [4.0.1, 4.1.0, 4.1.1]

Recommendation: Update to version 4.1.1.

Sinatra vulnerable to Reflected File Download attack

Published date: 2022-11-30

CVE: 2022-45442

CVSS V3: 8.8

Links:

https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input.

Affected versions: ["2.0.8", "2.0.7", "2.0.5", "2.0.3", "2.0.2", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc1", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.3.5", "1.3.3", "1.3.0.f", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.2.9", "1.2.8", "1.2.6", "1.2.2", "1.2.0", "1.1.4", "1.1.3", "1.1.b", "1.1.a", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.1.6", "0.1.0", "2.1.0", "2.0.8.1", "2.0.6", "2.0.4", "2.0.1", "2.0.0.rc2", "2.0.0.beta2", "1.4.6", "1.4.5", "1.4.4", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.4", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.e", "1.3.0.a", "1.2.7", "1.2.3", "1.2.1", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.2", "1.1.0", "1.0", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.5", "3.0.0", "3.0.1", "3.0.2", "3.0.3"]

Secure versions: [4.0.1, 4.1.0, 4.1.1]

Recommendation: Update to version 4.1.1.

Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision

Published date: 2024-11-01

CVE: 2024-21510

CVSS V3: 5.4

Links:

https://github.com/advisories/GHSA-hxx2-7vcw-mqr3

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header.

When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

Affected versions: ["2.0.8", "2.0.7", "2.0.5", "2.0.3", "2.0.2", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc1", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.3.5", "1.3.3", "1.3.0.f", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.2.9", "1.2.8", "1.2.6", "1.2.2", "1.2.0", "1.1.4", "1.1.3", "1.1.b", "1.1.a", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.1.6", "0.1.0", "2.1.0", "2.0.8.1", "2.0.6", "2.0.4", "2.0.1", "2.0.0.rc2", "2.0.0.beta2", "1.4.6", "1.4.5", "1.4.4", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.4", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.e", "1.3.0.a", "1.2.7", "1.2.3", "1.2.1", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.2", "1.1.0", "1.0", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.5", "2.2.0", "2.2.1", "2.2.2", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "2.2.3", "3.0.4", "3.0.5", "2.2.4", "3.0.6", "3.1.0", "3.2.0", "4.0.0"]

Secure versions: [4.0.1, 4.1.0, 4.1.1]

Recommendation: Update to version 4.1.1.

Version	License	Security	Released
0.2.1	UNKNOWN	5	2009-07-25 - 17:52	almost 16 years
0.2.0	UNKNOWN	5	2009-07-25 - 17:52	almost 16 years
0.1.7	UNKNOWN	5	2009-07-25 - 17:52	almost 16 years
0.1.6	UNKNOWN	5	2009-07-25 - 17:52	almost 16 years
0.1.5	UNKNOWN	5	2009-07-25 - 17:52	almost 16 years
0.1.0	UNKNOWN	5	2009-07-25 - 17:52	almost 16 years

Ruby/sinatra/1.3.0.a

5 Security Vulnerabilities

106 Other Versions