CVE 2022-29970

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

Related bugs and status

CVE-2022-29970 (Candidate) is related to these bugs:

Bug #1990579: [MIR] Promote ruby-sinatra to main as a pcs dependency

Summary				In	Importance	Status
	1990579	[MIR] Promote ruby-sinatra to main as a pcs dependency		ruby-sinatra (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.