vulnerability
Oracle Linux: CVE-2022-29970: ELSA-2022-9416: pcs security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | 2022-05-02 | 2022-05-20 | 2024-12-06 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
2022-05-02
Added
2022-05-20
Modified
2024-12-06
Description
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served.
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served.
Solution(s)
oracle-linux-upgrade-pcsoracle-linux-upgrade-pcs-snmp
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.