VYPR
High severityNVD Advisory· Published Nov 28, 2022· Updated Nov 4, 2025

Sinatra vulnerable to Reflected File Download attack

CVE-2022-45442

Description

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sinatraRubyGems
>= 3.0, < 3.0.43.0.4
sinatraRubyGems
>= 2.0.0, < 2.2.32.2.3

Affected products

4

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.