Bug 2081096 (CVE-2022-29970) - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files
Summary: CVE-2022-29970 sinatra: path traversal possible outside of public_dir when se...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-29970
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2081138 2081139 2081142 2081332 2081334 2082122 2082123 2081327 2081328 2081329 2081330 2081331 2081333 2081335 2082104 2082105 2082106 2082107 2082108 2082109 2082110 2082111 2082112 2082113 2082114 2082115 2082116 2082117 2082118 2082119 2082120 2082121
Blocks: 2081098
TreeView+ depends on / blocked
 
Reported: 2022-05-02 18:15 UTC by Todd Cullum
Modified: 2022-05-18 19:33 UTC (History)
28 users (show)

Fixed In Version: sinatra 2.2.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served.
Clone Of:
Environment:
Last Closed: 2022-05-18 19:33:19 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:2253 0 None None None 2022-05-16 08:08:17 UTC
Red Hat Product Errata RHSA-2022:2255 0 None None None 2022-05-16 07:50:04 UTC
Red Hat Product Errata RHSA-2022:2256 0 None None None 2022-05-16 08:08:46 UTC
Red Hat Product Errata RHSA-2022:4587 0 None None None 2022-05-18 00:53:05 UTC
Red Hat Product Errata RHSA-2022:4661 0 None None None 2022-05-18 15:25:57 UTC

Description Todd Cullum 2022-05-02 18:15:30 UTC
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Reference:
https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e

Comment 1 Guilherme de Almeida Suckevicz 2022-05-02 20:36:12 UTC
Created rubygem-sinatra tracking bugs for this issue:

Affects: epel-all [bug 2081138]
Affects: fedora-all [bug 2081139]

Comment 7 errata-xmlrpc 2022-05-16 07:50:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:2255 https://access.redhat.com/errata/RHSA-2022:2255

Comment 8 errata-xmlrpc 2022-05-16 08:08:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:2253 https://access.redhat.com/errata/RHSA-2022:2253

Comment 9 errata-xmlrpc 2022-05-16 08:08:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:2256 https://access.redhat.com/errata/RHSA-2022:2256

Comment 10 errata-xmlrpc 2022-05-18 00:53:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4587 https://access.redhat.com/errata/RHSA-2022:4587

Comment 11 errata-xmlrpc 2022-05-18 15:25:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:4661 https://access.redhat.com/errata/RHSA-2022:4661

Comment 12 Product Security DevOps Team 2022-05-18 19:33:16 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29970


Note You need to log in before you can comment on or make changes to this bug.