VulnerableCode Package Details - pkg:gem/sinatra@3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/sinatra@3.0

Essentials
History (2)

purl	pkg:gem/sinatra@3.0
Tags	Ghost

Next non-vulnerable version	4.2.0
Latest non-vulnerable version	4.2.0
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-k7su-xtsg-jyg9 Aliases: CVE-2022-45442 GHSA-2x8x-jmrp-phxw	Sinatra vulnerable to Reflected File Download attack ### Description An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. ### References * https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf * https://github.com/advisories/GHSA-8x94-hmjh-97hq	3.0.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:28:28.498522+00:00	GitLab Importer	Affected by	VCID-k7su-xtsg-jyg9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/sinatra/CVE-2022-45442.yml	38.1.0
2026-04-01T16:04:13.213659+00:00	GHSA Importer	Affected by	VCID-k7su-xtsg-jyg9	https://github.com/advisories/GHSA-2x8x-jmrp-phxw	38.0.0