Lookup for vulnerable packages by Package URL.

Purl pkg:gem/sinatra@2.2.0
Type gem
Namespace
Name sinatra
Version 2.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.2.0
Latest_non_vulnerable_version 4.2.0
Affected_by_vulnerabilities
0
url VCID-k7su-xtsg-jyg9
vulnerability_id VCID-k7su-xtsg-jyg9
summary
Sinatra vulnerable to Reflected File Download attack
### Description
An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input.

### References
* https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
* https://github.com/advisories/GHSA-8x94-hmjh-97hq
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45442.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45442.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45442
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53256
published_at 2026-04-21T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53276
published_at 2026-04-18T12:55:00Z
2
value 0.00317
scoring_system epss
scoring_elements 0.54779
published_at 2026-04-02T12:55:00Z
3
value 0.00317
scoring_system epss
scoring_elements 0.54829
published_at 2026-04-16T12:55:00Z
4
value 0.00317
scoring_system epss
scoring_elements 0.5479
published_at 2026-04-13T12:55:00Z
5
value 0.00317
scoring_system epss
scoring_elements 0.54812
published_at 2026-04-12T12:55:00Z
6
value 0.00317
scoring_system epss
scoring_elements 0.5483
published_at 2026-04-11T12:55:00Z
7
value 0.00317
scoring_system epss
scoring_elements 0.54819
published_at 2026-04-09T12:55:00Z
8
value 0.00317
scoring_system epss
scoring_elements 0.54822
published_at 2026-04-08T12:55:00Z
9
value 0.00317
scoring_system epss
scoring_elements 0.54771
published_at 2026-04-07T12:55:00Z
10
value 0.00317
scoring_system epss
scoring_elements 0.54802
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45442
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45442
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45442
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-8x94-hmjh-97hq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://github.com/advisories/GHSA-8x94-hmjh-97hq
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-45442.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-45442.yml
6
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
7
reference_url https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
8
reference_url https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
9
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00005.html
10
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45442
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45442
12
reference_url https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:40:06Z/
url https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025125
reference_id 1025125
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025125
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153363
reference_id 2153363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153363
15
reference_url https://github.com/advisories/GHSA-2x8x-jmrp-phxw
reference_id GHSA-2x8x-jmrp-phxw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2x8x-jmrp-phxw
16
reference_url https://access.redhat.com/errata/RHSA-2023:0393
reference_id RHSA-2023:0393
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0393
17
reference_url https://access.redhat.com/errata/RHSA-2023:0427
reference_id RHSA-2023:0427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0427
18
reference_url https://access.redhat.com/errata/RHSA-2023:0506
reference_id RHSA-2023:0506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0506
19
reference_url https://access.redhat.com/errata/RHSA-2023:0527
reference_id RHSA-2023:0527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0527
20
reference_url https://access.redhat.com/errata/RHSA-2023:0855
reference_id RHSA-2023:0855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0855
21
reference_url https://access.redhat.com/errata/RHSA-2023:0857
reference_id RHSA-2023:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0857
22
reference_url https://access.redhat.com/errata/RHSA-2023:0974
reference_id RHSA-2023:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0974
23
reference_url https://usn.ubuntu.com/7664-1/
reference_id USN-7664-1
reference_type
scores
url https://usn.ubuntu.com/7664-1/
fixed_packages
0
url pkg:gem/sinatra@2.2.3
purl pkg:gem/sinatra@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
1
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.3
1
url pkg:gem/sinatra@3.0.4
purl pkg:gem/sinatra@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
1
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@3.0.4
aliases CVE-2022-45442, GHSA-2x8x-jmrp-phxw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7su-xtsg-jyg9
1
url VCID-tax5-a72w-mbhy
vulnerability_id VCID-tax5-a72w-mbhy
summary
Sinatra is vulnerable to ReDoS through ETag header value generation
There is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the response and you are using Ruby < 3.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60523
published_at 2026-04-21T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60534
published_at 2026-04-18T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60526
published_at 2026-04-16T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60484
published_at 2026-04-13T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60505
published_at 2026-04-12T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60518
published_at 2026-04-11T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60497
published_at 2026-04-09T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60481
published_at 2026-04-08T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60465
published_at 2026-04-04T12:55:00Z
9
value 0.00397
scoring_system epss
scoring_elements 0.60433
published_at 2026-04-07T12:55:00Z
10
value 0.00397
scoring_system epss
scoring_elements 0.60438
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61921
2
reference_url https://bugs.ruby-lang.org/issues/19104
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://bugs.ruby-lang.org/issues/19104
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61921
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/3fe8c38dc405586f7ad8f2ac748aa53e9c3615bd
6
reference_url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/8ff496bd4877520599e1479d6efead39304edceb
7
reference_url https://github.com/sinatra/sinatra/issues/2120
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/issues/2120
8
reference_url https://github.com/sinatra/sinatra/pull/1823
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/1823
9
reference_url https://github.com/sinatra/sinatra/pull/2121
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/pull/2121
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
reference_id 1118290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118290
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
reference_id 2403178
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403178
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
reference_id CVE-2025-61921
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61921
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
reference_id CVE-2025-61921.YML
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2025-61921.yml
14
reference_url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mr3q-g2mv-mr4q
15
reference_url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
reference_id GHSA-mr3q-g2mv-mr4q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:54:24Z/
url https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
fixed_packages
0
url pkg:gem/sinatra@4.2.0
purl pkg:gem/sinatra@4.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.2.0
aliases CVE-2025-61921, GHSA-mr3q-g2mv-mr4q
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tax5-a72w-mbhy
2
url VCID-vy9q-nvxx-yfh5
vulnerability_id VCID-vy9q-nvxx-yfh5
summary
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21510.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44028
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48154
published_at 2026-04-16T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.48101
published_at 2026-04-13T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.4809
published_at 2026-04-12T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48073
published_at 2026-04-02T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48094
published_at 2026-04-04T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.48044
published_at 2026-04-07T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48097
published_at 2026-04-08T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48115
published_at 2026-04-11T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48092
published_at 2026-04-09T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48149
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21510
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510
3
reference_url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2024-21510.yml
5
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
6
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L319
7
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb#L323C1-L343C17
8
reference_url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
9
reference_url https://github.com/sinatra/sinatra/pull/2010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/pull/2010
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21510
11
reference_url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
reference_id 1087290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087290
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
reference_id 2323117
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2323117
14
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
reference_id base.rb%23L319
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319
15
reference_url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
reference_id base.rb%23L323C1-L343C17
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-01T14:19:38Z/
url https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17
16
reference_url https://access.redhat.com/errata/RHSA-2024:10987
reference_id RHSA-2024:10987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10987
fixed_packages
0
url pkg:gem/sinatra@4.1.0
purl pkg:gem/sinatra@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tax5-a72w-mbhy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@4.1.0
aliases CVE-2024-21510, GHSA-hxx2-7vcw-mqr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy9q-nvxx-yfh5
Fixing_vulnerabilities
0
url VCID-7f81-3s1y-sfec
vulnerability_id VCID-7f81-3s1y-sfec
summary
sinatra does not validate expanded path matches
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29970.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29970
reference_id
reference_type
scores
0
value 0.00601
scoring_system epss
scoring_elements 0.69504
published_at 2026-04-21T12:55:00Z
1
value 0.00601
scoring_system epss
scoring_elements 0.69524
published_at 2026-04-18T12:55:00Z
2
value 0.00601
scoring_system epss
scoring_elements 0.69515
published_at 2026-04-16T12:55:00Z
3
value 0.00601
scoring_system epss
scoring_elements 0.69476
published_at 2026-04-13T12:55:00Z
4
value 0.00601
scoring_system epss
scoring_elements 0.6949
published_at 2026-04-12T12:55:00Z
5
value 0.00601
scoring_system epss
scoring_elements 0.69505
published_at 2026-04-11T12:55:00Z
6
value 0.00601
scoring_system epss
scoring_elements 0.69483
published_at 2026-04-09T12:55:00Z
7
value 0.00601
scoring_system epss
scoring_elements 0.69417
published_at 2026-04-07T12:55:00Z
8
value 0.00601
scoring_system epss
scoring_elements 0.69468
published_at 2026-04-08T12:55:00Z
9
value 0.00601
scoring_system epss
scoring_elements 0.69438
published_at 2026-04-04T12:55:00Z
10
value 0.00601
scoring_system epss
scoring_elements 0.69421
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29970
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/sinatra/sinatra
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra
5
reference_url https://github.com/sinatra/sinatra/pull/1683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/pull/1683
6
reference_url https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
7
reference_url https://github.com/skylightio/skylight-ruby/pull/294
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/skylightio/skylight-ruby/pull/294
8
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717
reference_id 1014717
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014717
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2081096
reference_id 2081096
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2081096
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29970
reference_id CVE-2022-29970
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29970
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml
reference_id CVE-2022-29970.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml
14
reference_url https://github.com/advisories/GHSA-qp49-3pvw-x4m5
reference_id GHSA-qp49-3pvw-x4m5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp49-3pvw-x4m5
15
reference_url https://access.redhat.com/errata/RHSA-2022:2253
reference_id RHSA-2022:2253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2253
16
reference_url https://access.redhat.com/errata/RHSA-2022:2255
reference_id RHSA-2022:2255
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2255
17
reference_url https://access.redhat.com/errata/RHSA-2022:2256
reference_id RHSA-2022:2256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2256
18
reference_url https://access.redhat.com/errata/RHSA-2022:4587
reference_id RHSA-2022:4587
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4587
19
reference_url https://access.redhat.com/errata/RHSA-2022:4661
reference_id RHSA-2022:4661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4661
20
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
21
reference_url https://usn.ubuntu.com/7664-1/
reference_id USN-7664-1
reference_type
scores
url https://usn.ubuntu.com/7664-1/
fixed_packages
0
url pkg:gem/sinatra@2.2.0
purl pkg:gem/sinatra@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k7su-xtsg-jyg9
1
vulnerability VCID-tax5-a72w-mbhy
2
vulnerability VCID-vy9q-nvxx-yfh5
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.0
aliases CVE-2022-29970, GHSA-qp49-3pvw-x4m5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f81-3s1y-sfec
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/sinatra@2.2.0