Sinatra vulnerable to Reflected File Download attack
CVE-2022-45442

8.8HIGH

Key Information:

Vendor: Sinatra
Status: Sinatra
Vendor: CVE Published:; 28 November 2022

What is CVE-2022-45442?

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

sinatra >= 3.0, < 3.0.4 < 3.0, 3.0.4

sinatra >= 2.0, < 2.2.3 < 2.0, 2.2.3

References

https://github.com/sinatra/sinatra/security/advisories/GH...

https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7...

https://github.com/advisories/GHSA-8x94-hmjh-97hq

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 28, 2022
Vulnerability Reserved
Nov 15, 2022

JSON

Sinatra

What is CVE-2022-45442?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.