Lookup for vulnerable packages by Package URL.

Purl pkg:gem/sinatra@2.0.2
Type gem
Namespace
Name sinatra
Version 2.0.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.2.0
Latest_non_vulnerable_version 4.2.0
Affected_by_vulnerabilities
0
url VCID-7f81-3s1y-sfec
vulnerability_id VCID-7f81-3s1y-sfec
summary
sinatra does not validate expanded path matches
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29970
reference_id
reference_type
scores
0
value 0.00601
scoring_system epss
scoring_elements 0.69504
published_at 2026-04-21T12:55:00Z
1
value 0.00601
scoring_system epss
scoring_elements 0.69524
published_at 2026-04-18T12:55:00Z
2
value 0.00601
scoring_system epss
scoring_elements 0.69515
published_at 2026-04-16T12:55:00Z
3
value 0.00601
scoring_system epss
scoring_elements 0.69476
published_at 2026-04-13T12:55:00Z
4
value 0.00601
scoring_system epss
scoring_elements 0.6949
published_at 2026-04-12T12:55:00Z
5
value 0.00601
scoring_system epss
scoring_elements 0.69505
published_at 2026-04-11T12:55:00Z
6
value 0.00601
scoring_system epss
scoring_elements 0.69483
published_at 2026-04-09T12:55:00Z
7
value 0.00601
scoring_system epss
scoring_elements 0.69417
published_at 2026-04-07T12:55:00Z
8
value 0.00601
scoring_system epss
scoring_elements 0.69468
published_at 2026-04-08T12:55:00Z
9
value 0.00601
scoring_system epss
scoring_elements 0.69438
published_at 2026-04-04T12:55:00Z
10
value 0.00601
scoring_system epss
scoring_elements 0.69421
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29970
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/pull/1683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/pull/1683
6
reference_url https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
7
reference_url https://github.com/skylightio/skylight-ruby/pull/294
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/skylightio/skylight-ruby/pull/294
8
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717
reference_id 1014717
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2081096
reference_id 2081096
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2081096
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29970
reference_id CVE-2022-29970
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29970
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml
reference_id CVE-2022-29970.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml
14
reference_url https://github.com/advisories/GHSA-qp49-3pvw-x4m5
reference_id GHSA-qp49-3pvw-x4m5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp49-3pvw-x4m5
15
reference_url https://access.redhat.com/errata/RHSA-2022:2253
reference_id RHSA-2022:2253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2253
16
reference_url https://access.redhat.com/errata/RHSA-2022:2255
reference_id RHSA-2022:2255
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2255
17
reference_url https://access.redhat.com/errata/RHSA-2022:2256
reference_id RHSA-2022:2256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2256
18
reference_url https://access.redhat.com/errata/RHSA-2022:4587
reference_id RHSA-2022:4587
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4587
19
reference_url https://access.redhat.com/errata/RHSA-2022:4661
reference_id RHSA-2022:4661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4661
20
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
21
reference_url https://usn.ubuntu.com/7664-1/
reference_id USN-7664-1
reference_type
scores
url https://usn.ubuntu.com/7664-1/
fixed_packages
0
url pkg:gem/sinatra@2.2.0
purl pkg:gem/sinatra@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k7su-xtsg-jyg9
1
vulnerability VCID-tax5-a72w-mbhy
2
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.0
aliases CVE-2022-29970, GHSA-qp49-3pvw-x4m5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f81-3s1y-sfec
1
url VCID-k7su-xtsg-jyg9
vulnerability_id VCID-k7su-xtsg-jyg9
summary
Sinatra vulnerable to Reflected File Download attack
### Description
An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input.

### References
* https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
* https://github.com/advisories/GHSA-8x94-hmjh-97hq
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45442.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45442.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45442
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53256
published_at 2026-04-21T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53276
published_at 2026-04-18T12:55:00Z
2
value 0.00317
scoring_system epss
scoring_elements 0.54779
published_at 2026-04-02T12:55:00Z
3
value 0.00317
scoring_system epss
scoring_elements 0.54829
published_at 2026-04-16T12:55:00Z
4
value 0.00317
scoring_system epss
scoring_elements 0.5479
published_at 2026-04-13T12:55:00Z
5
value 0.00317
scoring_system epss
scoring_elements 0.54812
published_at 2026-04-12T12:55:00Z
6
value 0.00317
scoring_system epss
scoring_elements 0.5483
published_at 2026-04-11T12:55:00Z
7
value 0.00317
scoring_system epss
scoring_elements 0.54819
published_at 2026-04-09T12:55:00Z
8
value 0.00317
scoring_system epss
scoring_elements 0.54822
published_at 2026-04-08T12:55:00Z
9
value 0.00317
scoring_system epss
scoring_elements 0.54771
published_at 2026-04-07T12:55:00Z
10
value 0.00317
scoring_system epss
scoring_elements 0.54802
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45442
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45442
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45442
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-8x94-hmjh-97hq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://github.com/advisories/GHSA-8x94-hmjh-97hq
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-45442.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-45442.yml
6
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
7
reference_url https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
8
reference_url https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
9
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00005.html
10
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45442
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45442
12
reference_url https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025125
reference_id 1025125
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025125
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153363
reference_id 2153363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153363
15
reference_url https://github.com/advisories/GHSA-2x8x-jmrp-phxw
reference_id GHSA-2x8x-jmrp-phxw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2x8x-jmrp-phxw
16
reference_url https://access.redhat.com/errata/RHSA-2023:0393
reference_id RHSA-2023:0393
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0393
17
reference_url https://access.redhat.com/errata/RHSA-2023:0427
reference_id RHSA-2023:0427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0427
18
reference_url https://access.redhat.com/errata/RHSA-2023:0506
reference_id RHSA-2023:0506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0506
19
reference_url https://access.redhat.com/errata/RHSA-2023:0527
reference_id RHSA-2023:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0527
20
reference_url https://access.redhat.com/errata/RHSA-2023:0855
reference_id RHSA-2023:0855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0855
21
reference_url https://access.redhat.com/errata/RHSA-2023:0857
reference_id RHSA-2023:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0857
22
reference_url https://access.redhat.com/errata/RHSA-2023:0974
reference_id RHSA-2023:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0974
23
reference_url https://usn.ubuntu.com/7664-1/
reference_id USN-7664-1
reference_type
scores
url https://usn.ubuntu.com/7664-1/
fixed_packages
0
url pkg:gem/sinatra@2.2.3
purl pkg:gem/sinatra@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
1
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.3
1
url pkg:gem/sinatra@3.0.4
purl pkg:gem/sinatra@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
1
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@3.0.4
aliases CVE-2022-45442, GHSA-2x8x-jmrp-phxw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7su-xtsg-jyg9
2
url VCID-tax5-a72w-mbhy
vulnerability_id VCID-tax5-a72w-mbhy
summary
Sinatra is vulnerable to ReDoS through ETag header value generation
There is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the response and you are using Ruby < 3.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60523
published_at 2026-04-21T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60534
published_at 2026-04-18T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60526
published_at 2026-04-16T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60484
published_at 2026-04-13T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60505
published_at 2026-04-12T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60518
published_at 2026-04-11T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60497
published_at 2026-04-09T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60481
published_at 2026-04-08T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60465
published_at 2026-04-04T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60433
published_at 2026-04-07T12:55:00Z
10
value 0.00397
scoring_system epss
scoring_elements 0.60438
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
2
reference_url https://bugs.ruby-lang.org/issues/19104
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://bugs.ruby-lang.org/issues/19104
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
6
reference_url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
7
reference_url https://github.com/sinatra/sinatra/issues/2120
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/issues/2120
8
reference_url https://github.com/sinatra/sinatra/pull/1823
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/1823
9
reference_url https://github.com/sinatra/sinatra/pull/2121
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/2121
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
reference_id 1118290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
reference_id 2403178
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
reference_id CVE-2025-61921
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
reference_id CVE-2025-61921.YML
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
14
reference_url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
15
reference_url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
fixed_packages
0
url pkg:gem/sinatra@4.2.0
purl pkg:gem/sinatra@4.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.2.0
aliases CVE-2025-61921, GHSA-mr3q-g2mv-mr4q
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tax5-a72w-mbhy
3
url VCID-vy9q-nvxx-yfh5
vulnerability_id VCID-vy9q-nvxx-yfh5
summary
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44028
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48154
published_at 2026-04-16T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-13T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.4809
published_at 2026-04-12T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48073
published_at 2026-04-02T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48094
published_at 2026-04-04T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-07T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48097
published_at 2026-04-08T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48115
published_at 2026-04-11T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48092
published_at 2026-04-09T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48149
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
3
reference_url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
5
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
6
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
7
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
8
reference_url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
9
reference_url https://github.com/sinatra/sinatra/pull/2010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/pull/2010
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
11
reference_url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
reference_id 1087290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
reference_id 2323117
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
14
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
reference_id base.rb%23L319
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
15
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
reference_id base.rb%23L323C1-L343C17
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
16
reference_url https://access.redhat.com/errata/RHSA-2024:10987
reference_id RHSA-2024:10987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10987
fixed_packages
0
url pkg:gem/sinatra@4.1.0
purl pkg:gem/sinatra@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.1.0
aliases CVE-2024-21510, GHSA-hxx2-7vcw-mqr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy9q-nvxx-yfh5
Fixing_vulnerabilities
0
url VCID-5dmr-8tvd-8uen
vulnerability_id VCID-5dmr-8tvd-8uen
summary
Cross-site Scripting
Sinatra has XSS via the Bad Request page that occurs upon a params parser exception.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0212
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0212
1
reference_url https://access.redhat.com/errata/RHSA-2019:0315
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0315
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11627.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11627.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11627
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.6061
published_at 2026-04-12T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60624
published_at 2026-04-11T12:55:00Z
2
value 0.00398
scoring_system epss
scoring_elements 0.60601
published_at 2026-04-09T12:55:00Z
3
value 0.00398
scoring_system epss
scoring_elements 0.60584
published_at 2026-04-08T12:55:00Z
4
value 0.00398
scoring_system epss
scoring_elements 0.60536
published_at 2026-04-07T12:55:00Z
5
value 0.00398
scoring_system epss
scoring_elements 0.60566
published_at 2026-04-04T12:55:00Z
6
value 0.00398
scoring_system epss
scoring_elements 0.6054
published_at 2026-04-02T12:55:00Z
7
value 0.00398
scoring_system epss
scoring_elements 0.60465
published_at 2026-04-01T12:55:00Z
8
value 0.00398
scoring_system epss
scoring_elements 0.60622
published_at 2026-04-21T12:55:00Z
9
value 0.00398
scoring_system epss
scoring_elements 0.60635
published_at 2026-04-18T12:55:00Z
10
value 0.00398
scoring_system epss
scoring_elements 0.60629
published_at 2026-04-16T12:55:00Z
11
value 0.00398
scoring_system epss
scoring_elements 0.60588
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11627
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml
6
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
7
reference_url https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
8
reference_url https://github.com/sinatra/sinatra/issues/1428
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/issues/1428
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1585218
reference_id 1585218
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1585218
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sinatrarb:sinatra:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sinatrarb:sinatra:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sinatrarb:sinatra:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11627
reference_id CVE-2018-11627
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11627
14
reference_url https://github.com/advisories/GHSA-mq35-wqvf-r23c
reference_id GHSA-mq35-wqvf-r23c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mq35-wqvf-r23c
fixed_packages
0
url pkg:gem/sinatra@2.0.0-alpha
purl pkg:gem/sinatra@2.0.0-alpha
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.0-alpha
1
url pkg:gem/sinatra@2.0.2
purl pkg:gem/sinatra@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7f81-3s1y-sfec
1
vulnerability VCID-k7su-xtsg-jyg9
2
vulnerability VCID-tax5-a72w-mbhy
3
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.2
aliases CVE-2018-11627, GHSA-mq35-wqvf-r23c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5dmr-8tvd-8uen
1
url VCID-nwqq-fdtk-dudg
vulnerability_id VCID-nwqq-fdtk-dudg
summary
Path traversal on Windows
Path traversal is possible via backslash characters on Windows. An attacker could access arbitrary files and directories stored on the file system.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7212.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7212.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7212
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42639
published_at 2026-04-21T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.51175
published_at 2026-04-01T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51228
published_at 2026-04-02T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51254
published_at 2026-04-04T12:55:00Z
4
value 0.00278
scoring_system epss
scoring_elements 0.51212
published_at 2026-04-07T12:55:00Z
5
value 0.00278
scoring_system epss
scoring_elements 0.51268
published_at 2026-04-08T12:55:00Z
6
value 0.00278
scoring_system epss
scoring_elements 0.51264
published_at 2026-04-09T12:55:00Z
7
value 0.00278
scoring_system epss
scoring_elements 0.51308
published_at 2026-04-11T12:55:00Z
8
value 0.00278
scoring_system epss
scoring_elements 0.51287
published_at 2026-04-12T12:55:00Z
9
value 0.00278
scoring_system epss
scoring_elements 0.51273
published_at 2026-04-13T12:55:00Z
10
value 0.00278
scoring_system epss
scoring_elements 0.51313
published_at 2026-04-16T12:55:00Z
11
value 0.00278
scoring_system epss
scoring_elements 0.5132
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7212
2
reference_url https://github.com/sinatra/rack-protection/pull/120
reference_id
reference_type
scores
url https://github.com/sinatra/rack-protection/pull/120
3
reference_url https://github.com/sinatra/rack-protection/pull/120/commits/4239c2f189a73dfc93e957fc97adcbcbc0ed31c6
reference_id
reference_type
scores
url https://github.com/sinatra/rack-protection/pull/120/commits/4239c2f189a73dfc93e957fc97adcbcbc0ed31c6
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c
6
reference_url https://github.com/sinatra/sinatra/commit/d17aa95f5056c52daf5d7c3170fbfd831dc96381
reference_id
reference_type
scores
url https://github.com/sinatra/sinatra/commit/d17aa95f5056c52daf5d7c3170fbfd831dc96381
7
reference_url https://github.com/sinatra/sinatra/pull/1379
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/pull/1379
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1802282
reference_id 1802282
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1802282
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7212
reference_id CVE-2018-7212
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7212
10
reference_url https://github.com/advisories/GHSA-h29f-7f56-j8wh
reference_id GHSA-h29f-7f56-j8wh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h29f-7f56-j8wh
fixed_packages
0
url pkg:gem/sinatra@2.0.1
purl pkg:gem/sinatra@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dmr-8tvd-8uen
1
vulnerability VCID-7f81-3s1y-sfec
2
vulnerability VCID-k7su-xtsg-jyg9
3
vulnerability VCID-nwqq-fdtk-dudg
4
vulnerability VCID-tax5-a72w-mbhy
5
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.1
1
url pkg:gem/sinatra@2.0.2
purl pkg:gem/sinatra@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7f81-3s1y-sfec
1
vulnerability VCID-k7su-xtsg-jyg9
2
vulnerability VCID-tax5-a72w-mbhy
3
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.2
aliases CVE-2018-7212, GHSA-h29f-7f56-j8wh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwqq-fdtk-dudg
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.2