Advisories ยป MGASA-2022-0280

Updated ruby-sinatra packages fix security vulnerability

Publication date: 13 Aug 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-29970

Description

Sinatra before 2.2.0 does not validate that the expanded path matches
public_dir when serving static files. (CVE-2022-29970)
                

References

SRPMS

8/core