Cross-site Scripting (XSS)
Affecting sinatra gem, versions <1.4.6, >=1.4.0.a
sinatra is a DSL for quickly creating web applications in Ruby with minimal effort.
Affected versions of the package are vulnerable to reflected Cross-site Scripting (XSS). This occurs on the development 404 page, which does not validate the request path. This may allow attackers to create a specially crafted request that would execute arbitrary script code.
You can read more about Cross-site Scripting (XSS) on our blog.
Upgrade sinatra to version 1.4.6 or higher.
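One way to check a project against the affected range above is to compare the sinatra version pinned in its `Gemfile.lock` with RubyGems' own version ordering, which places the prerelease `1.4.0.a` before `1.4.0`. This is an added example, not code from the advisory or from sinatra; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Affected range as stated in this advisory: >=1.4.0.a, <1.4.6
AFFECTED_SINATRA = Gem::Requirement.new(">= 1.4.0.a", "< 1.4.6")

# Return every sinatra version pinned in the "specs:" sections of a
# Gemfile.lock. Resolved gems sit at exactly four spaces of indentation;
# dependency lines (six spaces) carry constraints, not resolved versions.
def locked_sinatra_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}sinatra \(([^)]+)\)\s*\z/)
    Gem::Version.new(m[1]) if m && Gem::Version.correct?(m[1])
  end
end

# True when any locked sinatra version falls inside the affected range.
def sinatra_affected?(lockfile_text)
  locked_sinatra_versions(lockfile_text).any? { |v| AFFECTED_SINATRA.satisfied_by?(v) }
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.6.0)
      rack-protection (1.5.3)
        rack
      sinatra (1.4.5)
        rack (~> 1.4)
        rack-protection (~> 1.4)
        tilt (>= 1.3, < 3)
      tilt (2.0.1)

  DEPENDENCIES
    sinatra
LOCK

if __FILE__ == $PROGRAM_NAME
  puts sinatra_affected?(SAMPLE_LOCK) ? "sinatra: affected, upgrade to 1.4.6 or higher" : "sinatra: not in affected range"
end
```

In a real project, pass `File.read("Gemfile.lock")` to `sinatra_affected?` in place of the sample text.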
- Andy Brody
- Snyk ID
- 11 Jun, 2014
- 10 Jan, 2018