CNNVD-202510-1411 Information
CNNVD ID
CNNVD-202510-1411
Related CVE
- CNNVD Published: 2025-10-10
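Description (translated from Chinese)
Sinatra is an open-source DSL from Sinatra for quickly creating web applications in Ruby with minimal effort. Versions of Sinatra before 4.2.0 contain a security vulnerability that stems from a flaw in the component that parses the If-Match and If-None-Match headers and may lead to denial-of-service attacks.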
Description (English)
Sinatra is an open-source DSL for quickly creating web applications in Ruby with minimal effort. Sinatra versions before 4.2.0 have a security vulnerability caused by a flaw in the component that parses the If-Match and If-None-Match headers, which could lead to denial-of-service attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Sinatra
Published
2025-10-10
Last Modified
2026-02-24
References
https://bugs.ruby-lang.org/issues/19104
https://github.com/sinatra/sinatra/issues/2120
https://github.com/sinatra/sinatra/pull/1823
https://github.com/sinatra/sinatra/pull/2121
https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
Patch
https://github.com/sinatra/sinatra/tags