Home

CVE-2022-29970

Description

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.601

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-29970 are fixed in Ruby-sinatra 2.2.0Windows
(RHSA-2022:8506) Satellite 6.12 Release foreman-cli-3.3.0.17-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-gssapi-1.2.0-8.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release satellite-cli-6.12.0-4.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release satellite-clone-3.2.0-1.el8sat.noarch.rpmLinux
Vulnerabilities CVE-2022-29970 are fixed in Ruby-sinatra for Linux 2.2.0Linux
Ruby web-development dressed in a DSL (USN-7664-1) USN-7664-1 ruby-sinatra_2.0.8.1-2+deb11u1build0.22.04.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234