Bug 2081096 (CVE-2022-29970) - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files
Summary: CVE-2022-29970 sinatra: path traversal possible outside of public_dir when se...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-29970
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2081138 2081139 2081142 2081327 2081328 2081329 2081330 2081331 2081332 2081333 2081334 2081335 2082104 2082105 2082106 2082107 2082108 2082109 2082110 2082111 2082112 2082113 2082114 2082115 2082116 2082117 2082118 2082119 2082120 2082121 2082122 2082123
Blocks: 2081098
Reported: 2022-05-02 18:15 UTC by Todd Cullum
Modified: 2022-11-23 03:44 UTC
CC: 28 users

Fixed In Version: sinatra 2.2.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated to ensure that, once expanded, it still lies inside the public directory, so a request containing path-traversal sequences can cause files outside the public directory to be served.
Clone Of:
Environment:
Last Closed: 2022-05-18 19:33:19 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:2253 0 None None None 2022-05-16 08:08:17 UTC
Red Hat Product Errata RHSA-2022:2255 0 None None None 2022-05-16 07:50:04 UTC
Red Hat Product Errata RHSA-2022:2256 0 None None None 2022-05-16 08:08:46 UTC
Red Hat Product Errata RHSA-2022:4587 0 None None None 2022-05-18 00:53:05 UTC
Red Hat Product Errata RHSA-2022:4661 0 None None None 2022-05-18 15:25:57 UTC
Red Hat Product Errata RHSA-2022:8506 0 None None None 2022-11-16 13:32:19 UTC

Description Todd Cullum 2022-05-02 18:15:30 UTC
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Reference:
https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
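The check the description calls for, shown as an added example that is not Sinatra's own code: a hypothetical "before" resolver that joins public_dir and the request path without confirming the expanded result is still under public_dir, next to a hardened resolver that expands both sides and requires the candidate path to start with public_dir plus a directory separator. The fixture directory, the file names, the unescape_path helper and the resolver function names are all constructed for this illustration.

```ruby
require "tmpdir"
require "fileutils"

# Percent-decode a request path the way a static-file handler would before
# touching the filesystem (e.g. "%2e%2e" -> ".."). Hand-rolled so the example
# does not depend on any particular URI parser (constructed helper).
def unescape_path(path)
  path.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
end

# "Before": concatenate public_dir and the request path and serve whatever
# exists there. Nothing checks that the expanded path is still inside
# public_dir, so "../" (or its encoded form) walks out of it.
# Returns the path that would be served, or nil if no such file exists.
def resolve_static_vulnerable(public_dir, path_info)
  path = File.expand_path("#{public_dir}#{unescape_path(path_info)}")
  File.file?(path) ? path : nil
end

# "After": expand both sides and require the candidate to sit under the root.
# The trailing separator matters: a bare start_with?(root) would accept
# "<app>/public_private/notes.txt" as being under "<app>/public".
def resolve_static_hardened(public_dir, path_info)
  root = File.expand_path(public_dir)
  path = File.expand_path("#{root}#{unescape_path(path_info)}")
  return nil unless path.start_with?(root + File::SEPARATOR)
  File.file?(path) ? path : nil
end

# Constructed fixture: <app>/public/index.html is meant to be served;
# <app>/config/secrets.yml and <app>/public_private/notes.txt are not.
def with_fixture
  Dir.mktmpdir("static-traversal") do |app|
    public_dir = File.join(app, "public")
    FileUtils.mkdir_p(public_dir)
    FileUtils.mkdir_p(File.join(app, "config"))
    FileUtils.mkdir_p(File.join(app, "public_private"))
    File.write(File.join(public_dir, "index.html"), "<h1>hello</h1>")
    File.write(File.join(app, "config", "secrets.yml"), "db_password: example")
    File.write(File.join(app, "public_private", "notes.txt"), "internal")
    yield app, public_dir
  end
end

# Run both resolvers against a normal request and three traversal attempts.
# Returns {request_name => {vulnerable: path_or_nil, hardened: path_or_nil}}
# so the outcome can be asserted on rather than only printed.
def compare_resolvers
  with_fixture do |_app, public_dir|
    requests = {
      normal:  "/index.html",
      dotdot:  "/../config/secrets.yml",
      encoded: "/%2e%2e/config/secrets.yml",
      sibling: "/../public_private/notes.txt", # defeats a bare prefix check
    }
    requests.each_with_object({}) do |(name, path_info), results|
      results[name] = {
        vulnerable: resolve_static_vulnerable(public_dir, path_info),
        hardened:   resolve_static_hardened(public_dir, path_info),
      }
    end
  end
end

if $PROGRAM_NAME == __FILE__
  compare_resolvers.each do |name, outcome|
    puts "#{name}: vulnerable=#{outcome[:vulnerable].inspect} hardened=#{outcome[:hardened].inspect}"
  end
end
```

The "sibling" request is the reason the hardened resolver compares against root plus a separator rather than root alone: after expansion the traversal lands on a directory whose name merely begins with the public directory's name, which a plain prefix comparison would accept.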

Comment 1 Guilherme de Almeida Suckevicz 2022-05-02 20:36:12 UTC
Created rubygem-sinatra tracking bugs for this issue:

Affects: epel-all [bug 2081138]
Affects: fedora-all [bug 2081139]

Comment 7 errata-xmlrpc 2022-05-16 07:50:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:2255 https://access.redhat.com/errata/RHSA-2022:2255

Comment 8 errata-xmlrpc 2022-05-16 08:08:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:2253 https://access.redhat.com/errata/RHSA-2022:2253

Comment 9 errata-xmlrpc 2022-05-16 08:08:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:2256 https://access.redhat.com/errata/RHSA-2022:2256

Comment 10 errata-xmlrpc 2022-05-18 00:53:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4587 https://access.redhat.com/errata/RHSA-2022:4587

Comment 11 errata-xmlrpc 2022-05-18 15:25:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:4661 https://access.redhat.com/errata/RHSA-2022:4661

Comment 12 Product Security DevOps Team 2022-05-18 19:33:16 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29970

Comment 13 errata-xmlrpc 2022-11-16 13:32:16 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.12 for RHEL 8

Via RHSA-2022:8506 https://access.redhat.com/errata/RHSA-2022:8506

