---
gem: sinatra
cve: 2018-7212
url: https://github.com/sinatra/sinatra/pull/1379
date: 2018-01-09
title: sinatra ruby gem path traversal via backslash characters on Windows
description: |
  An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb
  in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash
  characters.

cvss_v3: 5.3
cvss_v2: 5.0

patched_versions:
  - ">= 2.0.1"

unaffected_versions:
  - "< 2.0.0"