Advisories » MGASA-2022-0280

Updated ruby-sinatra packages fix security vulnerability

Publication date: 13 Aug 2022
Modification date: 13 Aug 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-29970

Description

Sinatra before 2.2.0 does not validate that the expanded path matches
public_dir when serving static files. (CVE-2022-29970)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30542
• https://lists.suse.com/pipermail/sle-security-updates/2022-June/011265.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29970

SRPMS

8/core

• ruby-sinatra-2.0.8.1-1.1.mga8