VulnerableCode Package Details - pkg:deb/debian/ruby-sinatra@3.0.5-2?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/ruby-sinatra@3.0.5-2?distro=trixie

purl	pkg:deb/debian/ruby-sinatra@3.0.5-2?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-k7su-xtsg-jyg9	Sinatra vulnerable to Reflected File Download attack ### Description An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. ### References * https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf * https://github.com/advisories/GHSA-8x94-hmjh-97hq	CVE-2022-45442 GHSA-2x8x-jmrp-phxw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-01T23:51:30.603038+00:00	Debian Importer	Fixing	VCID-k7su-xtsg-jyg9	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-04-16T09:46:56.836929+00:00	Debian Importer	Fixing	VCID-k7su-xtsg-jyg9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T06:32:01.057604+00:00	Debian Importer	Fixing	VCID-k7su-xtsg-jyg9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:23.691071+00:00	Debian Importer	Fixing	VCID-k7su-xtsg-jyg9	https://security-tracker.debian.org/tracker/data/json	38.1.0