{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-29970", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T16:09:45.370Z", "dateReserved": "2022-05-02T00:00:00.000Z", "datePublished": "2022-05-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-28T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e"}, {"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3166-1] ruby-sinatra security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3166-1] ruby-sinatra security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T16:09:45.370Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sinatrarb:sinatra:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E1C25C0-E87E-430F-8CC9-BD6C4AF20217", "versionEndExcluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files."}, {"lang": "es", "value": "Sinatra versiones anteriores a 2.2.0, no comprueba que la ruta expandida coincida con public_dir cuando sirve archivos est\u00e1ticos"}], "id": "CVE-2022-29970", "lastModified": "2025-11-04T16:15:49.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-02T05:15:06.767", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00020.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:4661", "cpe": "cpe:/a:redhat:enterprise_linux:8::highavailability", "package": "pcs-0:0.10.12-6.el8_6.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:2255", "cpe": "cpe:/a:redhat:rhel_e4s:8.1::highavailability", "package": "pcs-0:0.10.2-4.el8_1.2", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-05-16T00:00:00Z"}, {"advisory": "RHSA-2022:2253", "cpe": "cpe:/a:redhat:rhel_eus:8.2::highavailability", "package": "pcs-0:0.10.4-6.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-05-16T00:00:00Z"}, {"advisory": "RHSA-2022:2256", "cpe": "cpe:/a:redhat:rhel_eus:8.4::highavailability", "package": "pcs-0:0.10.8-1.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-05-16T00:00:00Z"}, {"advisory": "RHSA-2022:4587", "cpe": "cpe:/a:redhat:enterprise_linux:9::highavailability", "package": "pcs-0:0.11.1-10.el9_0.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:8506", "cpe": "cpe:/a:redhat:satellite:6.12::el8", "package": "rubygem-sinatra-1:2.2.0-1.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2022-11-16T00:00:00Z"}, {"advisory": "RHSA-2022:8506", "cpe": "cpe:/a:redhat:satellite_capsule:6.12::el8", "package": "rubygem-sinatra-1:2.2.0-1.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2022-11-16T00:00:00Z"}], "bugzilla": {"description": "sinatra: path traversal possible outside of public_dir when serving static files", "id": "2081096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081096"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.", "A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served."], "mitigation": {"lang": "en:us", "value": "Disable the static option which will disable the public_dir option. With this configuration, Sinatra will not serve files from the public directory and therefore files outside of it."}, "name": "CVE-2022-29970", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-ror51-rubygem-mustermann", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-ror51-rubygem-rack-protection", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-ror51-rubygem-sinatra", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-ror52-rubygem-mustermann", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-ror52-rubygem-rack-protection", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-ror52-rubygem-sinatra", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-rubygem-mustermann", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-rubygem-rack-protection", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "tfm-rubygem-sinatra", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rubygem-sinatra", "product_name": "Red Hat Storage 3"}], "public_date": "2022-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-29970\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29970"], "threat_severity": "Important"}