| Release | Version |
|---|---|
| bullseye | 2.0.8.1-2 |
| bullseye (security) | 2.0.8.1-2+deb11u1 |
| bookworm | 3.0.5-3 |
| trixie | 4.1.1-5 |
| forky | 4.2.1-1 |
| sid | 4.2.1-1 |

| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-61921 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | Sinatra is a domain-specific language for creating web applications in ... |
| CVE-2024-21510 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Versions of the package sinatra from 0.0.0 are vulnerable to Reliance ... |

| Bug | Description |
|---|---|
| CVE-2022-45442 | Sinatra is a domain-specific language for creating web applications in ... |
| CVE-2022-29970 | Sinatra before 2.2.0 does not validate that the expanded path matches ... |
| CVE-2018-11627 | Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ... |

| DSA / DLA | Description |
|---|---|
| DLA-3877-1 | ruby-sinatra - security update |
| DLA-3264-1 | ruby-sinatra - security update |
| DLA-3166-1 | ruby-sinatra - security update |