namusyaka

4 exploits. Active since Jul 2015
CVE-2015-5147 WRITEUP
Redcarpet < 3.3.1 - Memory Corruption
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2018-7212 WRITEUP MEDIUM
Sinatra < 2.0.1 - Path Traversal
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
CVSS 5.3
CVE-2020-26298 WRITEUP MEDIUM
Redcarpet < 3.5.1 - XSS
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
CVSS 6.8
CVE-2022-45442 WRITEUP HIGH
Sinatra < 2.2.3 - Download Without Integrity Check
Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Versions 2.2.3 and 3.0.4 contain patches for this issue.
CVSS 8.8