PRIOn knowledge basePRION:CVE-2022-29970

HistoryMay 02, 2022 - 5:15 a.m.

Code injection

2022-05-0205:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

CPENameOperatorVersion
debian_linuxeq10.0
sinatralt2.2.0

CPE	Name	Operator	Version
	debian_linux	eq	10.0
	sinatra	lt	2.2.0

References

github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e

lists.debian.org/debian-lts-announce/2022/10/msg00034.html