It was found that Sinatra is vulnerable to an XSS via the 400 Bad Request page that occurs upon a params parser exception.

Upstream issue: https://github.com/sinatra/sinatra/issues/1428

Introduced by: https://github.com/sinatra/sinatra/commit/8f8df53ff29938ace79b31097c27d9cdac803b44

Upstream patch: https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
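The class of bug described in the report above, shown as an added example that is not part of the original report and is not Sinatra's code: a parser exception whose message carries raw request input is written into an HTML 400 page, first as-is and then HTML-escaped. The names `parse_query`, `respond_unescaped`, `respond_escaped` and `SAMPLE_QUERY` are hypothetical, and only the Ruby standard library is used.

```ruby
require 'uri'
require 'erb'

# Constructed sample input: "%<" is not valid %-encoding, so decoding raises.
SAMPLE_QUERY = 'q=%<b>constructed-marker</b>'

# Hypothetical stand-in for a framework's params parser.
# URI.decode_www_form_component raises ArgumentError on malformed
# %-encoding and includes the raw input in the exception message.
def parse_query(raw)
  raw.split('&').to_h do |pair|
    key, value = pair.split('=', 2)
    [URI.decode_www_form_component(key.to_s),
     URI.decode_www_form_component(value.to_s)]
  end
end

# Before: the exception message is interpolated into the HTML body unchanged,
# so markup supplied in the query string reaches the browser as markup.
def respond_unescaped(raw)
  parse_query(raw)
  [200, { 'content-type' => 'text/plain' }, 'ok']
rescue ArgumentError => e
  [400, { 'content-type' => 'text/html' },
   "<h1>Bad Request</h1><p>#{e.message}</p>"]
end

# After: the message is HTML-escaped before it is placed in the page,
# so the same input is rendered as inert text.
def respond_escaped(raw)
  parse_query(raw)
  [200, { 'content-type' => 'text/plain' }, 'ok']
rescue ArgumentError => e
  [400, { 'content-type' => 'text/html' },
   "<h1>Bad Request</h1><p>#{ERB::Util.html_escape(e.message)}</p>"]
end

if __FILE__ == $PROGRAM_NAME
  puts respond_unescaped(SAMPLE_QUERY).last
  puts respond_escaped(SAMPLE_QUERY).last
end
```

A regression test for an application on an affected version can follow the same shape: send a request with malformed %-encoding and assert that the 400 body contains no unescaped `<` taken from the input.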
Created rubygem-sinatra tracking bugs for this issue:

Affects: fedora-all [bug 1585221]
This issue has been addressed in the following products:

CloudForms Management Engine 5.10

Via RHSA-2019:0212 https://access.redhat.com/errata/RHSA-2019:0212
This issue has been addressed in the following products:

CloudForms Management Engine 5.9

Via RHSA-2019:0315 https://access.redhat.com/errata/RHSA-2019:0315