rubygem-sinatra vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the rubygem-sinatra package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Reliance on Untrusted Inputs in a Security Decision

*
  • M
Reliance on Untrusted Inputs in a Security Decision

*
  • M
Information Exposure Through Log Files

<1:1.4.7-3.el7sat
  • M
Cross-site Scripting (XSS)

<1:1.4.7-3.el7sat
  • M
Cross-site Scripting (XSS)

<1:1.4.7-3.el7sat
  • M
Cross-site Scripting (XSS)

<1:1.4.7-3.el7sat
  • H
Information Exposure

<1:1.4.7-3.el7sat
  • H
SQL Injection

<1:1.4.7-3.el7sat
  • H
Information Exposure

<1:1.4.7-3.el7sat
  • H
Deserialization of Untrusted Data

<1:1.4.7-3.el7sat
  • H
Cross-site Scripting (XSS)

<1:1.4.7-3.el7sat
  • H
Cross-site Scripting (XSS)

<1:1.4.7-3.el7sat
  • H
XML External Entity (XXE) Injection

<1:1.4.7-3.el7sat
  • H
Information Exposure

<1:1.4.7-3.el7sat
  • H
Use of a Broken or Risky Cryptographic Algorithm

<1:1.4.7-3.el7sat
  • H
Improper Access Control

<1:1.4.7-3.el7sat
  • H
Missing Required Cryptographic Step

<1:1.4.7-3.el7sat
  • H
Missing Required Cryptographic Step

<1:1.4.7-3.el7sat
  • H
Information Exposure

<1:1.4.7-3.el7sat
  • H
Covert Timing Channel

<1:1.4.7-3.el7sat
  • H
Incorrect Calculation

<1:1.4.7-3.el7sat
  • H
Missing Required Cryptographic Step

<1:1.4.7-3.el7sat
  • H
Missing Required Cryptographic Step

<1:1.4.7-3.el7sat
  • H
Missing Required Cryptographic Step

<1:1.4.7-3.el7sat
  • M
Directory Traversal

<1:1.4.7-3.el7sat
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<1:1.4.7-3.el7sat
  • H
Improper Certificate Validation

<1:1.4.7-3.el7sat
  • M
CVE-2013-6668

<1:1.4.7-1.el7sat
  • M
Information Exposure

<1:1.3.6-27.el7sat
  • M
Improper Input Validation

<1:1.3.6-27.el7sat
  • M
Incorrect Permission Assignment for Critical Resource

<1:1.4.7-3.el7sat
  • M
Cleartext Storage of Sensitive Information

<1:1.4.7-3.el7sat
  • M
Improper Authentication

<1:1.4.7-3.el7sat
  • H
Information Exposure

<1:1.4.7-3.el7sat
  • H
Improper Authorization

<1:1.4.7-3.el7sat
  • H
Cleartext Transmission of Sensitive Information

<1:1.4.7-3.el7sat
  • H
Improper Certificate Validation

<1:1.4.7-3.el7sat
  • H
Improper Input Validation

<1:1.4.7-3.el7sat
  • H
Improper Input Validation

<1:1.4.7-3.el7sat
  • H
Cross-site Scripting (XSS)

<1:1.4.7-3.el7sat
  • M
Cross-site Scripting (XSS)

<1:1.4.7-3.el7sat
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<1:1.4.7-3.el7sat
  • M
Omission of Security-relevant Information

<1:1.4.7-1.el7sat
  • H
Information Exposure

<1:1.4.7-3.el7sat
  • M
Resource Exhaustion

<1:1.4.7-3.el7sat
  • H
Incomplete Blacklist

<1:1.4.7-3.el7sat
  • H
Directory Traversal

*
  • M
Resource Exhaustion

<1:1.4.7-1.el7sat
  • M
HTTP Response Splitting

<1:1.4.7-3.el7sat
  • M
Arbitrary Argument Injection

<1:1.4.7-3.el7sat
  • H
Out-of-Bounds

<1:1.4.7-3.el7sat
  • M
Improper Neutralization of Special Elements

<1:1.4.7-3.el7sat
  • H
Deserialization of Untrusted Data

<1:1.4.7-3.el7sat
  • M
CVE-2016-6346

<1:1.4.7-3.el7sat
  • M
Improper Neutralization of Special Elements

<1:1.4.7-3.el7sat
  • M
Access Restriction Bypass

<1:1.3.6-27.el7sat
  • M
Improper Data Handling

<1:1.3.6-27.el7sat
  • M
Improper Data Handling

<1:1.3.6-27.el7sat
  • H
Deserialization of Untrusted Data

<1:1.4.7-3.el7sat
  • M
Algorithmic Complexity

<1:1.3.6-27.el7sat