Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:0855 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12150 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0974 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0974 advisory.

  - sinatra: Reflected File Download attack (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12137 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0855 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0855 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0855 advisory.

  - sinatra: Reflected File Download attack (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0857 advisory.

  - sinatra: Reflected File Download attack (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0527 advisory.

  - sinatra: Reflected File Download attack (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0506 advisory.

  - sinatra: Reflected File Download attack (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0427 advisory.

  - sinatra: Reflected File Download attack (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0393 advisory.

  - sinatra: Reflected File Download attack (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3264 advisory.

  - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in     Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download     (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from     user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. (CVE-2022-45442)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
190200	CentOS 8 : pcs (CESA-2023:0855)	Nessus	CentOS Local Security Checks	high
172038	Oracle Linux 9 : pcs (ELSA-2023-12150)	Nessus	Oracle Linux Local Security Checks	high
172001	AlmaLinux 9 : pcs (ALSA-2023:0974)	Nessus	Alma Linux Local Security Checks	high
171976	RHEL 9 : pcs (RHSA-2023:0974)	Nessus	Red Hat Local Security Checks	high
171798	Oracle Linux 8 : pcs (ELSA-2023-12137)	Nessus	Oracle Linux Local Security Checks	high
171763	Rocky Linux 8 : pcs (RLSA-2023:0855)	Nessus	Rocky Linux Local Security Checks	high
171730	AlmaLinux 8 : pcs (ALSA-2023:0855)	Nessus	Alma Linux Local Security Checks	high
171719	RHEL 8 : pcs (RHSA-2023:0855)	Nessus	Red Hat Local Security Checks	high
171699	RHEL 8 : pcs (RHSA-2023:0857)	Nessus	Red Hat Local Security Checks	high
170876	RHEL 9 : pcs (RHSA-2023:0527)	Nessus	Red Hat Local Security Checks	high
170869	RHEL 8 : pcs (RHSA-2023:0506)	Nessus	Red Hat Local Security Checks	high
170511	RHEL 8 : pcs (RHSA-2023:0427)	Nessus	Red Hat Local Security Checks	high
170500	RHEL 8 : pcs (RHSA-2023:0393)	Nessus	Red Hat Local Security Checks	high
169802	Debian DLA-3264-1 : ruby-sinatra - LTS security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2022-45442

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high