VYPR
Low severityNVD Advisory· Published Oct 10, 2025· Updated Oct 10, 2025

Sinatra has ReDoS vulnerability in ETag header value generation

CVE-2025-61921

Description

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted input can cause If-Match and If-None-Match header parsing in Sinatra to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically involved in generating the ETag header value. Any applications that use the etag method when generating a response are impacted. Version 4.2.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sinatraRubyGems
< 4.2.04.2.0

Affected products

41

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.

CVE-2025-61921 · low · VYPR