Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/sinatra@1.3.1
Typegem
Namespace
Namesinatra
Version1.3.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.0
Latest_non_vulnerable_version4.2.0
Affected_by_vulnerabilities
0
url VCID-3bjc-pyku-wkhw
vulnerability_id VCID-3bjc-pyku-wkhw
summary 
sinatra does not validate expanded path matches
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29970
reference_id
reference_type
scores
0
value 0.00601
scoring_system epss
scoring_elements 0.6986
published_at 2026-06-04T12:55:00Z
1
value 0.00601
scoring_system epss
scoring_elements 0.699
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29970
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/pull/1683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/pull/1683
6
reference_url https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
7
reference_url https://github.com/skylightio/skylight-ruby/pull/294
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/skylightio/skylight-ruby/pull/294
8
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717
reference_id 1014717
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2081096
reference_id 2081096
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2081096
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29970
reference_id CVE-2022-29970
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29970
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml
reference_id CVE-2022-29970.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml
14
reference_url https://github.com/advisories/GHSA-qp49-3pvw-x4m5
reference_id GHSA-qp49-3pvw-x4m5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp49-3pvw-x4m5
15
reference_url https://access.redhat.com/errata/RHSA-2022:2253
reference_id RHSA-2022:2253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2253
16
reference_url https://access.redhat.com/errata/RHSA-2022:2255
reference_id RHSA-2022:2255
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2255
17
reference_url https://access.redhat.com/errata/RHSA-2022:2256
reference_id RHSA-2022:2256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2256
18
reference_url https://access.redhat.com/errata/RHSA-2022:4587
reference_id RHSA-2022:4587
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4587
19
reference_url https://access.redhat.com/errata/RHSA-2022:4661
reference_id RHSA-2022:4661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4661
20
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
21
reference_url https://usn.ubuntu.com/7664-1/
reference_id USN-7664-1
reference_type
scores
url https://usn.ubuntu.com/7664-1/
fixed_packages
0
url pkg:gem/sinatra@2.2.0
purl pkg:gem/sinatra@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eagk-fn5x-9qbp
1
vulnerability VCID-eenz-9ark-1qhf
2
vulnerability VCID-nzp9-695v-sbhp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.0
aliases CVE-2022-29970, GHSA-qp49-3pvw-x4m5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3bjc-pyku-wkhw
1
url VCID-eenz-9ark-1qhf
vulnerability_id VCID-eenz-9ark-1qhf
summary 
Sinatra is vulnerable to ReDoS through ETag header value generation
There is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the response and you are using Ruby < 3.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
reference_id
reference_type
scores
0
value 0.00434
scoring_system epss
scoring_elements 0.63197
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
2
reference_url https://bugs.ruby-lang.org/issues/19104
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://bugs.ruby-lang.org/issues/19104
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
6
reference_url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
7
reference_url https://github.com/sinatra/sinatra/issues/2120
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/issues/2120
8
reference_url https://github.com/sinatra/sinatra/pull/1823
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/1823
9
reference_url https://github.com/sinatra/sinatra/pull/2121
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/2121
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
reference_id 1118290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
reference_id 2403178
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
reference_id CVE-2025-61921
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
reference_id CVE-2025-61921.YML
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
14
reference_url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
15
reference_url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
fixed_packages
0
url pkg:gem/sinatra@4.2.0
purl pkg:gem/sinatra@4.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.2.0
aliases CVE-2025-61921, GHSA-mr3q-g2mv-mr4q
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eenz-9ark-1qhf
2
url VCID-h596-dyfk-7fa8
vulnerability_id VCID-h596-dyfk-7fa8
summary 
Cross-site Scripting
Sinatra has XSS via the Bad Request page that occurs upon a params parser exception.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0212
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0212
1
reference_url https://access.redhat.com/errata/RHSA-2019:0315
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0315
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11627.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11627.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11627
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60957
published_at 2026-06-05T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60908
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11627
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml
6
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
7
reference_url https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
8
reference_url https://github.com/sinatra/sinatra/issues/1428
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/issues/1428
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1585218
reference_id 1585218
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1585218
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11627
reference_id CVE-2018-11627
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11627
11
reference_url https://github.com/advisories/GHSA-mq35-wqvf-r23c
reference_id GHSA-mq35-wqvf-r23c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mq35-wqvf-r23c
fixed_packages
0
url pkg:gem/sinatra@2.0.0-alpha
purl pkg:gem/sinatra@2.0.0-alpha
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.0-alpha
1
url pkg:gem/sinatra@2.0.2
purl pkg:gem/sinatra@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bjc-pyku-wkhw
1
vulnerability VCID-eagk-fn5x-9qbp
2
vulnerability VCID-eenz-9ark-1qhf
3
vulnerability VCID-nzp9-695v-sbhp
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.2
aliases CVE-2018-11627, GHSA-mq35-wqvf-r23c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h596-dyfk-7fa8
3
url VCID-nzp9-695v-sbhp
vulnerability_id VCID-nzp9-695v-sbhp
summary 
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Versions of the package sinatra from 0.0.0 are vulnerable to
Reliance on Untrusted Inputs in a Security Decision via the
X-Forwarded-Host (XFH) header.

When making a request to a method with redirect applied, it is
possible to trigger an Open Redirect Attack by inserting an
arbitrary address into this header. If used for caching purposes,
such as with servers like Nginx, or as a reverse proxy, without
handling the X-Forwarded-Host header, attackers can potentially
exploit Cache Poisoning or Routing-based SSRF.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43433
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
3
reference_url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
6
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
7
reference_url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
8
reference_url https://github.com/sinatra/sinatra/pull/2010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/pull/2010
9
reference_url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
reference_id 1087290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
reference_id 2323117
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
12
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
reference_id base.rb%23L319
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
13
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
reference_id base.rb%23L323C1-L343C17
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
reference_id CVE-2024-21510
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
reference_id CVE-2024-21510.YML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
16
reference_url https://access.redhat.com/errata/RHSA-2024:10987
reference_id RHSA-2024:10987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10987
fixed_packages
0
url pkg:gem/sinatra@4.1.0
purl pkg:gem/sinatra@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eenz-9ark-1qhf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.1.0
aliases CVE-2024-21510, GHSA-hxx2-7vcw-mqr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzp9-695v-sbhp
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/sinatra@1.3.1