CVE-2022-29970
Path Traversal vulnerability in sinatra (RubyGems)

Path Traversal | No known exploit

What is CVE-2022-29970 About?

Sinatra before version 2.2.0 does not adequately validate paths when serving static files, leading to a path traversal vulnerability. This could allow an attacker to access arbitrary files outside the expected public directory. Exploitation complexity is moderate and depends on the server configuration and on which file paths are reachable.

Affected Software

sinatra <2.2.0

Technical Details

The vulnerability in Sinatra before 2.2.0 lies in its static file serving mechanism. Specifically, the framework fails to properly validate whether an expanded path requested by a client matches the configured public_dir. This oversight means that if an attacker crafts a request containing directory traversal sequences (e.g., ../../), Sinatra interprets these sequences and retrieves files located outside the designated public directory, potentially exposing sensitive files on the server's file system that were not intended for public access. The core issue is the lack of canonicalization or strict path validation against the base public directory boundary.
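The boundary check described above, as an added example that is not Sinatra's own code: the unchecked resolution is shown beside a hardened version that canonicalizes the joined path and requires it to stay strictly below the canonical public directory. The public directory path, the request paths and the file names are constructed for the demonstration.

```ruby
# Added example, not Sinatra's own code: the boundary check the advisory
# describes as missing, shown beside the unchecked resolution. Both helpers
# take the configured public directory and the raw request path_info and
# return the absolute path that would be served, or nil to refuse.
require 'uri'

UNESCAPER = URI::RFC2396_Parser.new # percent-decodes %2e%2e and friends

# Unchecked shape: public_dir + decoded path_info is expanded and used as-is,
# so "../" segments (literal or percent-encoded) resolve outside the web root.
def resolve_unchecked(public_dir, path_info)
  return nil if path_info.include?("\0") # File.expand_path raises on NUL
  File.expand_path(File.join(public_dir, UNESCAPER.unescape(path_info)))
end

# Hardened shape: canonicalize both sides with File.expand_path, then require
# the result to sit strictly below the canonical public_dir. The trailing
# separator matters: without it "/srv/app/public2" would pass a prefix test
# against "/srv/app/public". (Checking that the target is a regular file is
# a separate step, omitted here so the example runs without a filesystem.)
def resolve_checked(public_dir, path_info)
  return nil if path_info.include?("\0")
  base = File.expand_path(public_dir)
  path = File.expand_path(File.join(base, UNESCAPER.unescape(path_info)))
  return nil unless path.start_with?(base + File::SEPARATOR)
  path
end

# Constructed sample requests (no real server involved); the public directory
# is an assumed path. Returns { path_info => [unchecked, checked] }.
def compare(public_dir = '/srv/app/public')
  [
    '/css/site.css',                            # ordinary static asset
    '/../../../private/secret.txt',             # literal traversal
    '/%2e%2e/%2e%2e/%2e%2e/private/secret.txt', # percent-encoded traversal
    '/../public2/site.css',                     # sibling-directory prefix trick
    '/'                                         # the directory itself
  ].to_h { |p| [p, [resolve_unchecked(public_dir, p), resolve_checked(public_dir, p)]] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |req, (open, safe)|
    puts "#{req.ljust(44)} unchecked=#{open.inspect} checked=#{safe.inspect}"
  end
end
```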

What is the Impact of CVE-2022-29970?

Successful exploitation may allow attackers to read arbitrary files from the server's file system, leading to information disclosure.

What is the Exploitability of CVE-2022-29970?

Exploitation of this vulnerability involves crafting specific URLs with path traversal sequences. The complexity is moderate, as it requires knowledge of the server's file system structure or the ability to probe for common sensitive file locations. No authentication is required, as the vulnerability affects the static file serving mechanism. Exploitation is remote, typically achieved through HTTP requests. The likelihood of exploitation increases if the server hosts sensitive files outside the web root but within the reach of traversal sequences.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2022-29970?

Available Upgrade Options

  • sinatra
    • <2.2.0 → Upgrade to 2.2.0


Additional Resources

What are Similar Vulnerabilities to CVE-2022-29970?

Similar Vulnerabilities: CVE-2022-23094, CVE-2021-39188, CVE-2021-39187, CVE-2021-38501, CVE-2020-5259