{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-17T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-18T05:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sinatra/sinatra/pull/1379"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7212", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c", "refsource": "MISC", "url": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c"}, {"name": "https://github.com/sinatra/sinatra/pull/1379", "refsource": "MISC", "url": "https://github.com/sinatra/sinatra/pull/1379"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:24:11.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sinatra/sinatra/pull/1379"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7212", "datePublished": "2018-02-18T06:00:00", "dateReserved": "2018-02-17T00:00:00", "dateUpdated": "2024-08-05T06:24:11.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "930EE49D-7E82-40BB-9C3D-457BB7E44DCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "EE416E39-205E-4B32-A9A4-7C5A1BEEF3EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51C9FD61-BAC7-492D-8B9E-FD92A941A271", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "AB506C8A-7A0B-448F-95E3-E76F34A48A77", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D1FE1D1C-CD3E-44A8-9D72-289E429118AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "84451DDB-957A-4F3E-B030-D77274F4C3BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "B465B510-DAE3-427D-92E1-A117946A7A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "EE65794E-2D28-4E87-918E-138C8890A873", "vulnerable": true}, {"criteria": "cpe:2.3:a:sinatrarb:sinatra:2.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F5814498-8462-45D3-91B1-C0B02B90E16C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters."}, {"lang": "es", "value": "Se ha descubierto un problema en rack-protection/lib/rack/protection/path_traversal.rb en las versiones 2.x de Sinatra anteriores a la 2.0.1 en Windows. Es posible el salto de directorio mediante caracteres de barra diagonal invertida."}], "id": "CVE-2018-7212", "lastModified": "2024-11-21T04:11:48.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-18T06:29:00.217", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/sinatra/sinatra/pull/1379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/sinatra/sinatra/pull/1379"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rubygem-sinatra: path traversal via backslash characters", "id": "1802282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802282"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.", "A flaw was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra version 2.x before 2.0.1 on Windows. This flaw allows for path traversal on the system that contains backslash characters in the path. This flaw only affects Sinatra on Windows, Linux platforms are not affected."], "name": "CVE-2018-7212", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack-optools:10", "fix_state": "Not affected", "package_name": "rubygem-sinatra", "product_name": "Red Hat OpenStack Platform 10 (Newton) Operational Tools"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "rubygem-sinatra", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "tfm-ror51-rubygem-sinatra", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-ror50-rubygem-sinatra", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "rubygem-sinatra", "product_name": "Red Hat Storage 3"}], "public_date": "2018-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-7212\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7212"], "threat_severity": "Low"}