Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Mageia 8, MGASA-2022-0280: Moderate Path Issue in Ruby-Sinatra

mageia
Calendar Grey August 13, 2022
Dist Mageia Esm H88
Python-flask libraries upgraded to resolve image hosting bug in Mageia. Urgent vulnerability notice issued.
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files

Summary

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. (CVE-2022-29970)

References

- https://bugs.mageia.org/show_bug.cgi?id=30542

- https://lists.suse.com/pipermail/sle-security-updates/2022-June/011265.html

- https://www.cve.org/CVERecord?id=CVE-2022-29970

Resolution

SRPMS

- 8/core/ruby-sinatra-2.0.8.1-1.1.mga8

Publication date: 13 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0280.html
Type: security
CVE: CVE-2022-29970

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.