FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sinatra -- XSS vulnerability

Affected packages
2.0.0 <= rubygem-sinatra < 2.0.2

Details

VuXML ID: ca05d9da-ac1d-4113-8a05-ffe9cd0d6160
Discovery: 2018-06-09
Entry: 2018-07-31

Sinatra blog:

Sinatra had a critical vulnerability since v2.0.0. The purpose of this release is to fix CVE-2018-11627.

The vulnerability is that XSS can be executed by using illegal parameters.

References

CVE Name: CVE-2018-11627
URL: http://sinatrarb.com/2018/06/09/sinatra-2.0.2-and-2.0.3.html
URL: https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md