Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sinatra has ReDoS vulnerability in ETag header value generation
Vulnerability Description
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the response. Carefully crafted input can cause `If-Match` and `If-None-Match` header parsing in Sinatra to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically involved in generating the `ETag` header value. Any applications that use the `etag` method when generating a response are impacted. Version 4.2.0 fixes the issue.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
Sinatra 安全漏洞
Vulnerability Description
Sinatra是Sinatra开源的一个DSL,用于以最少的努力快速创建Ruby中的web应用程序 Sinatra 4.2.0之前版本存在安全漏洞,该漏洞源于If-Match和If-None-Match标头解析组件存在缺陷,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A