Lucene search
GoogleOSV:GHSA-QP49-3PVW-X4M5HistoryMay 03, 2022 - 12:00 a.m.
sinatra does not validate expanded path matches
2022-05-0300:00:43
Google
osv.dev
47
0.002 Low
EPSS
Percentile
61.3%
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
References
github.com/rubysec/ruby-advisory-db/blob/master/gems/sinatra/CVE-2022-29970.yml
github.com/sinatra/sinatra
github.com/sinatra/sinatra/pull/1683
github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
github.com/skylightio/skylight-ruby/pull/294
lists.debian.org/debian-lts-announce/2022/10/msg00034.html
nvd.nist.gov/vuln/detail/CVE-2022-29970
Related
nessus
nessus
RHEL 8 : pcs (RHSA-2022:2256)
2022-05-16 00:00:00
RHEL 8 : pcs (RHSA-2022:4661)
2022-05-19 00:00:00
Debian DLA-3166-1 : ruby-sinatra - LTS security update
2022-10-28 00:00:00
mageia
mageia
Updated ruby-sinatra packages fix security vulnerability
2022-08-13 05:32:35
osv
osv
Important: pcs security update
2022-05-18 13:52:10
CVE-2022-29970
2022-05-02 05:15:06
Important: pcs security update
2022-05-18 13:52:10
cve
cve
CVE-2022-29970
2022-05-02 05:15:06
veracode
veracode
Privilege Escalation
2022-05-04 17:08:11
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0280)
2022-08-15 00:00:00
Debian: Security Advisory (DLA-3166-1)
2022-10-29 00:00:00
redhatcve
redhatcve
CVE-2022-29970
2022-05-02 18:30:17
redhat
redhat
(RHSA-2022:2255) Important: pcs security update
2022-05-16 07:05:10
(RHSA-2022:4661) Important: pcs security update
2022-05-18 13:52:10
(RHSA-2022:2256) Important: pcs security update
2022-05-16 07:05:30
debian
debian
[SECURITY] [DLA 3166-1] ruby-sinatra security update
2022-10-28 03:53:39
ubuntucve
ubuntucve
CVE-2022-29970
2022-05-02 00:00:00
oraclelinux
oraclelinux
pcs security update
2022-06-30 00:00:00
pcs security update
2022-05-20 00:00:00
prion
prion
Code injection
2022-05-02 05:15:00
cvelist
cvelist
CVE-2022-29970
2022-05-02 00:00:00
debiancve
debiancve
CVE-2022-29970
2022-05-02 05:15:06
almalinux
almalinux
Important: pcs security update
2022-05-18 00:00:00
Important: pcs security update
2022-05-18 13:52:10
github
github
sinatra does not validate expanded path matches
2022-05-03 00:00:43
rocky
rocky
pcs security update
2022-05-18 13:52:10
Satellite 6.12 Release
2022-11-16 13:21:30
nvd
nvd
CVE-2022-29970
2022-05-02 05:15:06
