Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/sinatra@1.2.9

Type gem

Namespace

Name sinatra

Version 1.2.9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.0

Latest_non_vulnerable_version 4.2.0

Affected_by_vulnerabilities

url VCID-afxt-p86d-cfhd

vulnerability_id VCID-afxt-p86d-cfhd

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45442.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45442.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-45442

reference_id

reference_type

scores

value	0.00356
scoring_system	epss
scoring_elements	0.58438
published_at	2026-06-13T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.5831
published_at	2026-06-11T12:55:00Z

value	0.00356
scoring_system	epss
scoring_elements	0.58422
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-45442

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45442
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45442

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sinatra/sinatra

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025125
reference_id	1025125
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025125

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2153363
reference_id	2153363
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2153363

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-45442

reference_id

CVE-2022-45442

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-45442

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-45442.yml

reference_id

CVE-2022-45442.YML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-45442.yml

reference_url

https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b

reference_id

ea8fc9495a350f7551b39e3025bfcd06f49f363b

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/

url

https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b

reference_url

https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf

reference_id

eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/

url

https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf

reference_url

https://github.com/advisories/GHSA-2x8x-jmrp-phxw

reference_id

GHSA-2x8x-jmrp-phxw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2x8x-jmrp-phxw

reference_url

https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

reference_id

GHSA-2x8x-jmrp-phxw

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/

url

https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw

reference_url

https://github.com/advisories/GHSA-8x94-hmjh-97hq

reference_id

GHSA-8x94-hmjh-97hq

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/

url

https://github.com/advisories/GHSA-8x94-hmjh-97hq

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00005.html

reference_id

msg00005.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00005.html

reference_url	https://access.redhat.com/errata/RHSA-2023:0393
reference_id	RHSA-2023:0393
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0393

reference_url	https://access.redhat.com/errata/RHSA-2023:0427
reference_id	RHSA-2023:0427
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0427

reference_url	https://access.redhat.com/errata/RHSA-2023:0506
reference_id	RHSA-2023:0506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0506

reference_url	https://access.redhat.com/errata/RHSA-2023:0527
reference_id	RHSA-2023:0527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0527

reference_url	https://access.redhat.com/errata/RHSA-2023:0855
reference_id	RHSA-2023:0855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0855

reference_url	https://access.redhat.com/errata/RHSA-2023:0857
reference_id	RHSA-2023:0857
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0857

reference_url	https://access.redhat.com/errata/RHSA-2023:0974
reference_id	RHSA-2023:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0974

reference_url	https://usn.ubuntu.com/7664-1/
reference_id	USN-7664-1
reference_type
scores
url	https://usn.ubuntu.com/7664-1/

fixed_packages

url pkg:gem/sinatra@2.2.3

purl pkg:gem/sinatra@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-afxt-p86d-cfhd

vulnerability	VCID-bnc4-apdt-2kcq

vulnerability	VCID-p4dg-33re-63bp

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.3

url pkg:gem/sinatra@3.0.4

purl pkg:gem/sinatra@3.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-afxt-p86d-cfhd

vulnerability	VCID-bnc4-apdt-2kcq

vulnerability	VCID-p4dg-33re-63bp

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@3.0.4

aliases CVE-2022-45442, GHSA-2x8x-jmrp-phxw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afxt-p86d-cfhd

url VCID-bnc4-apdt-2kcq

vulnerability_id VCID-bnc4-apdt-2kcq

summary Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the response. Carefully crafted input can cause `If-Match` and `If-None-Match` header parsing in Sinatra to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically involved in generating the `ETag` header value. Any applications that use the `etag` method when generating a response are impacted. Version 4.2.0 fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61921

reference_id

reference_type

scores

value	0.00521
scoring_system	epss
scoring_elements	0.67385
published_at	2026-06-13T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.6728
published_at	2026-06-11T12:55:00Z

value	0.00521
scoring_system	epss
scoring_elements	0.67371
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61921

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921

reference_url

https://github.com/sinatra/sinatra

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra

reference_url

https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd

reference_url

https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
reference_id	1118290
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290

reference_url

https://github.com/sinatra/sinatra/pull/1823

reference_id

1823

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/

url

https://github.com/sinatra/sinatra/pull/1823

reference_url

https://bugs.ruby-lang.org/issues/19104

reference_id

19104

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/

url

https://bugs.ruby-lang.org/issues/19104

reference_url

https://github.com/sinatra/sinatra/issues/2120

reference_id

2120

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/

url

https://github.com/sinatra/sinatra/issues/2120

reference_url

https://github.com/sinatra/sinatra/pull/2121

reference_id

2121

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/

url

https://github.com/sinatra/sinatra/pull/2121

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403178
reference_id	2403178
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403178

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-61921

reference_id

CVE-2025-61921

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-61921

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml

reference_id

CVE-2025-61921.YML

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml

reference_url

https://github.com/advisories/GHSA-mr3q-g2mv-mr4q

reference_id

GHSA-mr3q-g2mv-mr4q

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mr3q-g2mv-mr4q

reference_url

https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q

reference_id

GHSA-mr3q-g2mv-mr4q

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/

url

https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q

fixed_packages

url	pkg:gem/sinatra@4.2.0
purl	pkg:gem/sinatra@4.2.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.2.0

aliases CVE-2025-61921, GHSA-mr3q-g2mv-mr4q

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnc4-apdt-2kcq

url VCID-fqy3-a838-7ydw

vulnerability_id VCID-fqy3-a838-7ydw

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29970

reference_id

reference_type

scores

value	0.00601
scoring_system	epss
scoring_elements	0.70073
published_at	2026-06-13T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69968
published_at	2026-06-11T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.70059
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sinatra/sinatra

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra

reference_url

https://github.com/sinatra/sinatra/pull/1683

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/pull/1683

reference_url

https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e

reference_url

https://github.com/skylightio/skylight-ruby/pull/294

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/skylightio/skylight-ruby/pull/294

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717
reference_id	1014717
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2081096
reference_id	2081096
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2081096

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29970

reference_id

CVE-2022-29970

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29970

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml

reference_id

CVE-2022-29970.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml

reference_url

https://github.com/advisories/GHSA-qp49-3pvw-x4m5

reference_id

GHSA-qp49-3pvw-x4m5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qp49-3pvw-x4m5

reference_url	https://access.redhat.com/errata/RHSA-2022:2253
reference_id	RHSA-2022:2253
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2253

reference_url	https://access.redhat.com/errata/RHSA-2022:2255
reference_id	RHSA-2022:2255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2255

reference_url	https://access.redhat.com/errata/RHSA-2022:2256
reference_id	RHSA-2022:2256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2256

reference_url	https://access.redhat.com/errata/RHSA-2022:4587
reference_id	RHSA-2022:4587
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4587

reference_url	https://access.redhat.com/errata/RHSA-2022:4661
reference_id	RHSA-2022:4661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4661

reference_url	https://access.redhat.com/errata/RHSA-2022:8506
reference_id	RHSA-2022:8506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8506

reference_url	https://usn.ubuntu.com/7664-1/
reference_id	USN-7664-1
reference_type
scores
url	https://usn.ubuntu.com/7664-1/

fixed_packages

url pkg:gem/sinatra@2.2.0

purl pkg:gem/sinatra@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-afxt-p86d-cfhd

vulnerability	VCID-bnc4-apdt-2kcq

vulnerability	VCID-p4dg-33re-63bp

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.0

aliases CVE-2022-29970, GHSA-qp49-3pvw-x4m5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqy3-a838-7ydw

url VCID-jwrc-ak7f-qybx

vulnerability_id VCID-jwrc-ak7f-qybx

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2019:0212

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0212

reference_url

https://access.redhat.com/errata/RHSA-2019:0315

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0315

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11627.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11627.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11627

reference_id

reference_type

scores

value	0.00398
scoring_system	epss
scoring_elements	0.61018
published_at	2026-06-11T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.61124
published_at	2026-06-12T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.61133
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11627

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sinatra/sinatra

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra

reference_url

https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a

reference_url

https://github.com/sinatra/sinatra/issues/1428

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/issues/1428

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1585218
reference_id	1585218
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1585218

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11627

reference_id

CVE-2018-11627

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11627

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml

reference_id

CVE-2018-11627.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2018-11627.yml

reference_url

https://github.com/advisories/GHSA-mq35-wqvf-r23c

reference_id

GHSA-mq35-wqvf-r23c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mq35-wqvf-r23c

fixed_packages

url	pkg:gem/sinatra@2.0.0-alpha
purl	pkg:gem/sinatra@2.0.0-alpha
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.0-alpha

url pkg:gem/sinatra@2.0.2

purl pkg:gem/sinatra@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-afxt-p86d-cfhd

vulnerability	VCID-bnc4-apdt-2kcq

vulnerability	VCID-fqy3-a838-7ydw

vulnerability	VCID-p4dg-33re-63bp

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.0.2

aliases CVE-2018-11627, GHSA-mq35-wqvf-r23c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwrc-ak7f-qybx

url VCID-p4dg-33re-63bp

vulnerability_id VCID-p4dg-33re-63bp

summary Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21510

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43634
published_at	2026-06-13T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43614
published_at	2026-06-12T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43458
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21510

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510

reference_url

https://github.com/advisories/GHSA-hxx2-7vcw-mqr3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-hxx2-7vcw-mqr3

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml

reference_url

https://github.com/sinatra/sinatra

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra

reference_url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319

reference_url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17

reference_url

https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-21510

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-21510

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
reference_id	1087290
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290

reference_url

https://github.com/sinatra/sinatra/pull/2010

reference_id

2010

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/

url

https://github.com/sinatra/sinatra/pull/2010

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2323117
reference_id	2323117
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2323117

reference_url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319

reference_id

base.rb%23L319

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/

url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319

reference_url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17

reference_id

base.rb%23L323C1-L343C17

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/

url

https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17

reference_url	https://access.redhat.com/errata/RHSA-2024:10987
reference_id	RHSA-2024:10987
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10987

reference_url

https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832

reference_id

SNYK-RUBY-SINATRA-6483832

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/

url

https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832

fixed_packages

url pkg:gem/sinatra@4.1.0

purl pkg:gem/sinatra@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bnc4-apdt-2kcq

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.1.0

aliases CVE-2024-21510, GHSA-hxx2-7vcw-mqr3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4dg-33re-63bp

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@1.2.9

Package Instance