CVE-2018-11627 Medium Severity Vulnerability detected by WhiteSource #4

mend-bolt-for-github · 2019-02-28T00:59:29Z

CVE-2018-11627 - Medium Severity Vulnerability

Vulnerable Library - sinatra-1.4.8.gem

Sinatra is a DSL for quickly creating web applications in Ruby with minimal effort.

path: /var/lib/gems/2.3.0/cache/sinatra-1.4.8.gem

Dependency Hierarchy:

jekyll-admin-0.8.1.gem (Root Library)
- ❌ sinatra-1.4.8.gem (Vulnerable Library)

Vulnerability Details

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

Publish Date: 2018-05-31

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Release Date: 2018-05-30

Fix Resolution: Replace or update the following file: base.rb

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

vladzima · 2019-02-28T01:00:48Z

Not an issue.

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 28, 2019

vladzima self-assigned this Feb 28, 2019

vladzima closed this as completed Feb 28, 2019