Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Back

---
gem: sinatra
date: 2018-02-18
url: https://github.com/sinatra/sinatra/pull/1379
cve: 2018-7212
title: Path traversal is possible via backslash characters on Windows.
description: |
  An issue was discovered in Sinatra 2.x before 2.0.1 on Windows. Path traversal
  is possible via backslash characters.
patched_versions:
- ">= 2.0.1"