
CVE-2022-45442: Sinatra vulnerable to Reflected File Download attack

CVSS Score: 8.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.35115%
Published: 11/30/2022
Updated: 2/3/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name   Ecosystem   Vulnerable Versions   First Patched Version
sinatra        rubygems    >= 3.0, < 3.0.4       3.0.4
sinatra        rubygems    >= 2.0.0, < 2.2.3     2.2.3

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper escaping in the Content-Disposition header's filename parameter. The GitHub patch shows the attachment method in lib/sinatra/base.rb was modified to add escaping via gsub(/["\r\n]/). The commit message explicitly references fixing filename escaping for multipart form data compliance. The test case added in test/helpers_test.rb demonstrates the attack scenario where a filename containing ;\r\n is sanitized, confirming this function's role. No other functions in the diff appear to handle user-controlled filename input for headers.
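The following is an added example, not code from Sinatra or from this page. It reproduces the shape of the header construction the analysis above describes: a pre-fix builder that places the basename into the quoted filename parameter unchanged, a hardened builder that applies a gsub over the same /["\r\n]/ character class, and a reviewer's check that flags a Content-Disposition value containing CR/LF or a broken quoted string. The function names are hypothetical, and the hardened version drops the offending characters rather than copying the patch's exact replacement string, which is an assumption made here for the demonstration.

```ruby
# Added example (not Sinatra's own code). Names are hypothetical; the
# escaping strategy (remove the characters) is an assumption, not the
# patch's exact replacement.

# The character class the fix in lib/sinatra/base.rb targets with gsub.
UNSAFE_FILENAME_CHARS = /["\r\n]/

# Pre-fix shape: the basename is interpolated into the quoted filename
# parameter as-is, so a filename carrying a quote or CR/LF can close the
# quoted string or start a new header line.
def vulnerable_content_disposition(filename, disposition = :attachment)
  header = disposition.to_s.dup
  header << format('; filename="%s"', File.basename(filename)) if filename
  header
end

# Hardened shape: the same construction, but quotes and CR/LF are removed
# from the basename before it is placed in the header value.
def hardened_content_disposition(filename, disposition = :attachment)
  header = disposition.to_s.dup
  if filename
    safe = File.basename(filename).gsub(UNSAFE_FILENAME_CHARS, '')
    header << format('; filename="%s"', safe)
  end
  header
end

# Review check: a Content-Disposition value must stay on one line and its
# filename parameter must be a single well-formed quoted string ending the
# value. Returns true only when both hold.
def content_disposition_safe?(header)
  return false if header.match?(/[\r\n]/)          # header injection
  !header.match(/; filename="([^"]*)"\z/).nil?     # one intact quoted param
end

if $PROGRAM_NAME == __FILE__
  # Constructed input modelled on the sanitization test the analysis
  # mentions: a filename containing ";\r\n".
  crafted = "report.txt;\r\nfoo.bat"
  [vulnerable_content_disposition(crafted),
   hardened_content_disposition(crafted)].each do |h|
    puts "#{h.inspect} safe=#{content_disposition_safe?(h)}"
  end
end
```

Run it with `ruby` to see the pre-fix header carry the raw CR/LF (flagged unsafe) while the hardened header collapses to a single quoted parameter. The check is deliberately strict about a trailing quoted filename so that a stray quote inside the value, not only CR/LF, fails review.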


WAF Protection Rules

WAF Rule

Description

An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from
