Oracle Linux: CVE-2022-29970: ELSA-2022-9416: pcs security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | May 2, 2022 | May 20, 2022 | Dec 3, 2025 |
Description
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not checked to confirm that it lies inside the public directory, allowing files outside of the public directory to be served.
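The missing containment check, shown as an added Ruby example (not Sinatra's or the pcs package's own code). The helpers `resolve_unchecked` and `resolve_checked` are hypothetical, and the directory tree and request paths are constructed for the demonstration.

```ruby
require "tmpdir"
require "fileutils"

# Lookup without containment: expands the requested path and only asks
# whether a regular file exists at the result.
def resolve_unchecked(public_dir, request_path)
  path = File.expand_path(File.join(public_dir, request_path))
  File.file?(path) ? path : nil
end

# Lookup with containment: the resolved path must stay under public_dir.
def resolve_checked(public_dir, request_path)
  root = File.realpath(public_dir)
  path = File.expand_path(File.join(root, request_path))
  return nil unless File.file?(path)
  real = File.realpath(path) # resolve symlinks before comparing
  # Compare against root plus a separator so that a sibling directory
  # sharing the prefix (e.g. "public_old") does not pass the check.
  return nil unless real.start_with?(root + File::SEPARATOR)
  real
end

# Constructed sample tree: one file inside public/, one file beside it.
def build_sample_tree
  base = File.realpath(Dir.mktmpdir("static-demo"))
  public_dir = File.join(base, "public")
  FileUtils.mkdir_p(public_dir)
  File.write(File.join(public_dir, "index.html"), "<h1>ok</h1>")
  File.write(File.join(base, "settings.yml"), "constructed: value")
  [base, public_dir]
end

# Returns [request, served_by_unchecked, served_by_checked] per request.
def demo
  base, public_dir = build_sample_tree
  ["index.html", "../settings.yml"].map do |req|
    [req,
     !resolve_unchecked(public_dir, req).nil?,
     !resolve_checked(public_dir, req).nil?]
  end
ensure
  FileUtils.remove_entry(base) if base
end

demo.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```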
Solutions
oracle-linux-upgrade-pcs
oracle-linux-upgrade-pcs-snmp