Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sinatra vulnerable to Reflected File Download attack
Vulnerability Description
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
下载代码缺少完整性检查
Vulnerability Title
Sinatra 安全漏洞
Vulnerability Description
Sinatra是一种DSL,用于在Ruby中轻松创建Web应用程序。 Sinatra 2.0版本至2.2.3之前版本、3.0版本至3.0.4之前版本存在安全漏洞,该漏洞源于当文件名源自用户提供的输入时,应用程序容易受到反射文件下载(RFD)攻击。
CVSS Information
N/A
Vulnerability Type
N/A