CVE-2018-11627

NONE EPSS 80.4%
Published May 31, 20188y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published May 31, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

Threat Intelligence

EPSS Exploit Probability
80.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 3

VendorProductVersionRange
sinatrarbsinatra* <2.0.2
redhatcloudforms4.6any
redhatcloudforms4.7any

References 4

  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:0212
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:0315
    Third Party Advisory
  • github.com https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
    PatchThird Party Advisory
  • github.com https://github.com/sinatra/sinatra/issues/1428
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
    PatchThird Party Advisory