Advisories » MGASA-2023-0029

Updated ruby-sinatra packages fix security vulnerability

Publication date: 07 Feb 2023
Modification date: 06 Feb 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-45442

Description

Potential reflected file download (RFD) vulnerability in ruby-sinatra, a
Ruby library for writing HTTP applications. A Content-Disposition HTTP
header was being incorrectly derived from a potentially user-supplied
filename. (CVE-2022-45442)
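
As an added illustration (not Sinatra's code and not the patch shipped in this update), the Ruby sketch below contrasts building the Content-Disposition value directly from an untrusted filename with a version that neutralizes the characters able to end the quoted filename early. The function names, the encoding choice and the sample inputs are assumptions constructed for this example.

```ruby
# Added illustration; function names are hypothetical, not Sinatra's API.

# Naive form: the untrusted filename is interpolated unchanged, so a double
# quote or CR/LF inside it ends the quoted-string early and lets the rest of
# the value be read as further header parameters or header lines.
def naive_disposition(filename)
  %(attachment; filename="#{filename}")
end

# Hardened form (one possible approach, an assumption of this example):
#   1. drop any directory part, for both / and \ separators
#   2. percent-encode '"', '%' and all control characters, CR/LF included
#   3. fall back to a fixed name when nothing usable remains
def safe_disposition(filename, fallback: 'download')
  name = filename.to_s.scrub('_').split(%r{[/\\]}).last.to_s
  name = name.gsub(/["%\x00-\x1f\x7f]/) { |c| format('%%%02X', c.ord) }
  name = fallback if name.empty? || name == '.' || name == '..'
  %(attachment; filename="#{name}")
end

# True when the value still holds exactly one quoted-string and no line break.
def single_quoted_param?(header)
  header.count('"') == 2 && !header.match?(/[\r\n]/)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ['report.pdf', %(report"; filename="other.txt), "a\r\nb.txt", '../../x'].each do |f|
    puts "#{f.inspect}\n  naive: #{naive_disposition(f).inspect}" \
         "\n  safe:  #{safe_disposition(f).inspect}"
  end
end
```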
                

References

SRPMS

8/core