VulnerableCode Package Details - pkg:deb/debian/ruby-sinatra@1.4.3-1~bpo70%2B1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/ruby-sinatra@1.4.3-1~bpo70%2B1

purl	pkg:deb/debian/ruby-sinatra@1.4.3-1~bpo70%2B1

Next non-vulnerable version	4.2.1-3
Latest non-vulnerable version	4.2.1-3
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-7f81-3s1y-sfec Aliases: CVE-2022-29970 GHSA-qp49-3pvw-x4m5	sinatra does not validate expanded path matches Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.	3.0.5-3+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-k7su-xtsg-jyg9 Aliases: CVE-2022-45442 GHSA-2x8x-jmrp-phxw	Sinatra vulnerable to Reflected File Download attack ### Description An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. ### References * https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf * https://github.com/advisories/GHSA-8x94-hmjh-97hq	3.0.5-3+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T23:23:37.591001+00:00	Debian Oval Importer	Affected by	VCID-7f81-3s1y-sfec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:34:15.641013+00:00	Debian Oval Importer	Affected by	VCID-k7su-xtsg-jyg9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T22:59:06.515711+00:00	Debian Oval Importer	Affected by	VCID-7f81-3s1y-sfec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:22:13.651271+00:00	Debian Oval Importer	Affected by	VCID-k7su-xtsg-jyg9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T22:33:19.208428+00:00	Debian Oval Importer	Affected by	VCID-7f81-3s1y-sfec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:16:51.875912+00:00	Debian Oval Importer	Affected by	VCID-k7su-xtsg-jyg9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0