CVE-2018-11627
NONE EPSS 80.4%
Published May 31, 20188y ago ยท Modified Jun 17, 20262w ago
Published May 31, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Threat Intelligence
EPSS Exploit Probability
80.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 3
References 4
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:0212
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:0315
- github.com https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
- github.com https://github.com/sinatra/sinatra/issues/1428
Remediation
- github.com https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a