#VU71475 Download of code without integrity check in Sinatra


Published: 2023-01-24

Vulnerability identifier: #VU71475

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45442

CWE-ID: CWE-494

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sinatra
Web applications / Remote management & hosting panels

Vendor: Sinatra

Description

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to software is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. A remote attacker cam compromise the affected system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Sinatra: 2.0.0 - 3.0.3

External links
http://github.com/advisories/GHSA-8x94-hmjh-97hq
http://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
http://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
http://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf
http://lists.debian.org/debian-lts-announce/2023/01/msg00005.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 9 update for pcs
Red Hat Enterprise Linux 8 update for pcs
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions update for pcs
Red Hat Enterprise Linux 8.4 Extended Update Support update for pcs
Red Hat Enterprise Linux 9.0 Extended Update Support update for pcs
Red Hat Enterprise Linux 8.6 Extended Update Support update for pcs
Red Hat Enterprise Linux 8 update for pcs
Remote code execution in Sinatra