MGASA-2022-0280

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2022-0280.html
Import Source
https://advisories.mageia.org/MGASA-2022-0280.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2022-0280
Related
Published
2022-08-13T02:32:35Z
Modified
2022-08-13T01:07:15Z
Summary
Updated ruby-sinatra packages fix security vulnerability
Details

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. (CVE-2022-29970)

References
Credits

Affected packages

Mageia:8 / ruby-sinatra

Package

Name
ruby-sinatra
Purl
pkg:rpm/mageia/ruby-sinatra?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.8.1-1.1.mga8

Ecosystem specific 

{
    "section": "core"
}