VulnerableCode Package Details - pkg:gem/sinatra@2.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/sinatra@2.3

Essentials
History (1)

purl	pkg:gem/sinatra@2.3
Tags	Ghost

Next non-vulnerable version	4.2.0
Latest non-vulnerable version	4.2.0
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-k7su-xtsg-jyg9 Aliases: CVE-2022-45442 GHSA-2x8x-jmrp-phxw	Sinatra vulnerable to Reflected File Download attack ### Description An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. ### References * https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf * https://github.com/advisories/GHSA-8x94-hmjh-97hq	3.0.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:18:27.310013+00:00	Ruby Importer	Affected by	VCID-k7su-xtsg-jyg9	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-45442.yml	38.0.0