Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: sinatra
date: 2018-05-31
url: https://github.com/sinatra/sinatra/issues/1428
cve: 2018-11627
title: XSS via the 400 Bad Request page
description: Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs
  upon a params parser exception.
cvss_v3: '6.1'
unaffected_versions:
- "< 2.0.0.beta1"
- 2.0.0-alpha
patched_versions:
- ">= 2.0.2"