Description
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/sinatra/sinatra/pull/1379
Scores
CVSS v3
5.3
EPSS
0.0021
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (3)
rubygems/sinatra
2.0.0.beta1 - 2.0.1 (RubyGems)
sinatrarb/sinatra
2.0.0 (8 CPE variants)
sinatrarb/sinatra
2.0.1 rc1
Published
Feb 18, 2018
Tracked Since
Feb 18, 2026