Ruby/sinatra/1.4.8


Sinatra is a DSL for quickly creating web applications in Ruby with minimal effort.

https://rubygems.org/gems/sinatra
MIT

3 Security Vulnerabilities

sinatra does not validate expanded path matches

Published date: 2022-05-03T00:00:43Z
CVE: CVE-2022-29970

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Affected versions: ["2.1.0", "2.0.8.1", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc2", "2.0.0.rc1", "2.0.0.beta2", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.f", "1.3.0.e", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.3.0.a", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.4", "1.1.3", "1.1.2", "1.1.0", "1.1.b", "1.1.a", "1.0", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.6", "0.1.5", "0.1.0"]
Secure versions: [3.0.4, 2.2.3, 3.0.5, 2.2.4, 3.0.6, 3.1.0, 3.2.0, 4.0.0]
Recommendation: Update to version 4.0.0.

sinatra does not validate expanded path matches

Published date: 2022-05-03
CVE: CVE-2022-29970
CVSS V2: 5.0
CVSS V3: 7.5

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Affected versions: ["2.1.0", "2.0.8.1", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc2", "2.0.0.rc1", "2.0.0.beta2", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.f", "1.3.0.e", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.3.0.a", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.4", "1.1.3", "1.1.2", "1.1.0", "1.1.b", "1.1.a", "1.0", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.6", "0.1.5", "0.1.0"]
Secure versions: [3.0.4, 2.2.3, 3.0.5, 2.2.4, 3.0.6, 3.1.0, 3.2.0, 4.0.0]
Recommendation: Update to version 4.0.0.

Sinatra vulnerable to Reflected File Download attack

Published date: 2022-11-30
CVE: CVE-2022-45442
CVSS V3: 8.8

An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input.

Affected versions: ["2.1.0", "2.0.8.1", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.1.rc1", "2.0.0", "2.0.0.rc6", "2.0.0.rc5", "2.0.0.rc2", "2.0.0.rc1", "2.0.0.beta2", "2.0.0.beta1", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0.d", "1.4.0.c", "1.4.0.b", "1.4.0.a", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.3.0.g", "1.3.0.f", "1.3.0.e", "1.3.0.d", "1.3.0.c", "1.3.0.b", "1.3.0.a", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0.d", "1.2.0.c", "1.2.0.a", "1.1.4", "1.1.3", "1.1.2", "1.1.0", "1.1.b", "1.1.a", "1.0", "1.0.b", "1.0.a", "0.9.6", "0.9.5", "0.9.4", "0.9.2", "0.9.1.1", "0.9.1", "0.9.0.5", "0.9.0.4", "0.9.0.3", "0.9.0.2", "0.9.0.1", "0.9.0", "0.3.3", "0.3.2", "0.3.1", "0.3.0", "0.2.2", "0.2.1", "0.2.0", "0.1.7", "0.1.6", "0.1.5", "0.1.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3"]
Secure versions: [3.0.4, 2.2.3, 3.0.5, 2.2.4, 3.0.6, 3.1.0, 3.2.0, 4.0.0]
Recommendation: Update to version 4.0.0.

103 Other Versions

Version License Security (number of known advisories; blank = none) Released (date - time, age at time of listing)
4.0.0 MIT 2024-01-19 - 11:52 2 months
3.2.0 MIT 2023-12-29 - 17:56 3 months
3.1.0 MIT 2023-08-07 - 09:22 8 months
3.0.6 MIT 2023-04-11 - 15:35 12 months
3.0.5 MIT 2022-12-16 - 23:13 over 1 year
3.0.4 MIT 2022-11-25 - 16:38 over 1 year
3.0.3 MIT 2 2022-11-11 - 19:42 over 1 year
3.0.2 MIT 2 2022-10-01 - 17:24 over 1 year
3.0.1 MIT 2 2022-09-26 - 16:05 over 1 year
3.0.0 MIT 2 2022-09-26 - 01:06 over 1 year
2.2.4 MIT 2022-12-16 - 23:04 over 1 year
2.2.3 MIT 2022-11-25 - 20:30 over 1 year
2.2.2 MIT 1 2022-07-23 - 21:17 over 1 year
2.2.1 MIT 1 2022-07-15 - 14:35 over 1 year
2.2.0 MIT 1 2022-02-15 - 16:23 about 2 years
2.1.0 MIT 4 2020-09-04 - 18:51 over 3 years
2.0.8.1 MIT 4 2020-01-01 - 20:06 about 4 years
2.0.8 MIT 4 2020-01-01 - 09:42 about 4 years
2.0.7 MIT 4 2019-08-22 - 10:04 over 4 years
2.0.6 MIT 4 2019-08-21 - 17:01 over 4 years
2.0.5 MIT 4 2018-12-22 - 11:11 over 5 years
2.0.4 MIT 4 2018-09-15 - 09:38 over 5 years
2.0.3 MIT 4 2018-06-08 - 16:04 almost 6 years
2.0.2 MIT 4 2018-06-05 - 16:54 almost 6 years
2.0.1 MIT 6 2018-02-16 - 15:43 about 6 years
2.0.1.rc1 MIT 8 2018-02-13 - 11:12 about 6 years
2.0.0 MIT 8 2017-05-07 - 00:05 almost 7 years
2.0.0.rc6 MIT 5 2017-05-06 - 23:59 almost 7 years
2.0.0.rc5 MIT 5 2017-05-06 - 23:52 almost 7 years
2.0.0.rc2 MIT 5 2017-03-19 - 03:34 about 7 years
2.0.0.rc1 MIT 5 2017-03-04 - 18:18 about 7 years
2.0.0.beta2 MIT 5 2016-08-22 - 17:01 over 7 years
2.0.0.beta1 MIT 5 2016-08-22 - 15:17 over 7 years
1.4.8 MIT 3 2017-01-30 - 03:31 about 7 years
1.4.7 MIT 3 2016-01-24 - 12:26 about 8 years
1.4.6 MIT 3 2015-03-24 - 02:42 about 9 years
1.4.5 MIT 3 2014-04-08 - 15:21 almost 10 years
1.4.4 UNKNOWN 3 2013-10-21 - 10:12 over 10 years
1.4.3 UNKNOWN 3 2013-06-07 - 21:05 almost 11 years
1.4.2 UNKNOWN 3 2013-03-21 - 09:08 about 11 years
1.4.1 UNKNOWN 3 2013-03-15 - 17:20 about 11 years
1.4.0 UNKNOWN 3 2013-03-15 - 11:28 about 11 years
1.4.0.a UNKNOWN 3 2013-02-26 - 07:01 about 11 years
1.4.0.c UNKNOWN 3 2013-02-26 - 23:19 about 11 years
1.4.0.d UNKNOWN 3 2013-03-09 - 17:17 about 11 years
1.4.0.b UNKNOWN 3 2013-02-26 - 13:58 about 11 years
1.3.6 UNKNOWN 3 2013-03-15 - 11:23 about 11 years
1.3.5 UNKNOWN 3 2013-02-25 - 10:09 about 11 years
1.3.4 UNKNOWN 3 2013-01-26 - 22:18 about 11 years
1.3.3 UNKNOWN 3 2012-08-19 - 12:54 over 11 years
1.3.2 UNKNOWN 3 2011-12-30 - 12:55 about 12 years
1.3.1 UNKNOWN 3 2011-10-05 - 01:29 over 12 years
1.3.0 UNKNOWN 3 2011-10-01 - 02:17 over 12 years
1.3.0.g UNKNOWN 3 2011-09-25 - 21:45 over 12 years
1.3.0.f UNKNOWN 3 2011-09-11 - 17:12 over 12 years
1.3.0.e UNKNOWN 3 2011-06-09 - 08:38 almost 13 years
1.3.0.a UNKNOWN 3 2011-03-22 - 17:27 about 13 years
1.3.0.c UNKNOWN 3 2011-04-13 - 13:50 almost 13 years
1.3.0.d UNKNOWN 3 2011-04-30 - 09:06 almost 13 years
1.3.0.b UNKNOWN 3 2011-04-08 - 17:14 almost 13 years
1.2.9 UNKNOWN 3 2013-03-15 - 11:01 about 11 years
1.2.8 UNKNOWN 3 2011-12-30 - 12:47 about 12 years
1.2.7 UNKNOWN 3 2011-10-01 - 02:32 over 12 years
1.2.6 UNKNOWN 3 2011-05-01 - 08:25 almost 13 years
1.2.3 UNKNOWN 3 2011-04-13 - 13:42 almost 13 years
1.2.2 UNKNOWN 3 2011-04-08 - 17:24 almost 13 years
1.2.1 UNKNOWN 3 2011-03-17 - 10:35 about 13 years
1.2.0 UNKNOWN 3 2011-03-03 - 20:50 about 13 years
1.2.0.d UNKNOWN 3 2011-02-26 - 15:18 about 13 years
1.2.0.c UNKNOWN 3 2011-02-19 - 21:37 about 13 years
1.2.0.a UNKNOWN 3 2010-12-25 - 22:38 over 13 years
1.1.4 UNKNOWN 3 2011-04-13 - 13:36 almost 13 years
1.1.3 UNKNOWN 3 2011-02-20 - 09:15 about 13 years
1.1.2 UNKNOWN 3 2010-12-25 - 22:56 over 13 years
1.1.0 UNKNOWN 3 2010-10-24 - 14:01 over 13 years
1.1.a UNKNOWN 3 2010-10-19 - 12:51 over 13 years
1.1.b UNKNOWN 3 2010-10-23 - 08:04 over 13 years
1.0 MIT 3 2010-03-23 - 21:25 about 14 years
1.0.b UNKNOWN 3 2010-03-07 - 15:34 about 14 years
1.0.a UNKNOWN 3 2010-01-28 - 19:53 about 14 years
0.9.6 UNKNOWN 3 2010-03-07 - 10:54 about 14 years
0.9.5 UNKNOWN 3 2010-03-04 - 15:16 about 14 years
0.9.4 UNKNOWN 3 2009-08-05 - 13:47 over 14 years
0.9.2 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.1.1 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.1 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.0.5 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.0.4 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.0.3 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.0.2 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.0.1 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.9.0 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.3.3 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.3.2 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.3.1 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.3.0 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.2.2 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.2.1 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.2.0 UNKNOWN 3 2009-07-25 - 17:52 over 14 years
0.1.7 UNKNOWN 3 2009-07-25 - 17:52 over 14 years