CVE-2018-11627: Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

medium6.1CVSS 3.0

AVNACLPRNUIRSCCLILAN

Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

5 ranges

Vendor	Product	Version range	Fixed in
debian	ruby-sinatra	—	—
redhat	cloudforms	—	—
redhat	cloudforms	—	—
sinatra	sinatra	>= 2.0.0 < 2.0.2	2.0.2
sinatrarb	sinatra	< 2.0.2	2.0.2

nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

osv6.1MEDIUM