VYPR

Sinatra

by Sinatra

gem: sinatra

CVEs (5)

  • CVE-2024-21510 | Med | Nov 1, 2024
    risk 0.28 | cvss 5.4 | epss 0.00

    Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an…

  • CVE-2025-61921 | Oct 10, 2025
    risk 0.00 | cvss | epss 0.00

    Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the…

  • CVE-2024-37116 | Jul 22, 2024
    risk 0.00 | cvss | epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS. This issue affects Sinatra: from n/a through 1.3.

  • CVE-2022-45442 | Nov 28, 2022
    risk 0.00 | cvss | epss 0.01

    Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response…

  • CVE-2022-29970 | May 2, 2022
    risk 0.00 | cvss | epss 0.02

    Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.