A ReDoS vulnerability (CVE-2025-61921) has been discovered in Sinatra's ETag header parsing for If-Match and If-None-Match headers. Applications using the etag method with Ruby versions below 3.2 are vulnerable to denial of service attacks through carefully crafted input. The issue is patched in Sinatra version 4.2.0 and above, or by upgrading to Ruby 3.2+.
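A triage check built from the conditions stated above, as an added example (not code from Sinatra or the advisory): it reads the resolved Sinatra version from `Gemfile.lock` text, compares it and the Ruby version against 4.2.0 and 3.2, and looks for `etag` helper calls with a simple line heuristic. The function names, the sample lockfile and the sample app source are constructed for illustration.

```ruby
require "rubygems" # Gem::Version gives correct version ordering

FIXED_SINATRA = Gem::Version.new("4.2.0") # patched release per the advisory
SAFE_RUBY     = Gem::Version.new("3.2")   # Ruby 3.2+ is not affected per the advisory

# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    rack (3.1.8)
    sinatra (4.1.1)
      rack (>= 3.0.0, < 4)
LOCK

SAMPLE_APP = <<APP
require "sinatra"
get "/report" do
  etag Digest::SHA1.hexdigest(body_text)
  body_text
end
APP

# Resolved specs in Gemfile.lock are indented exactly four spaces;
# dependency constraints (six spaces) are deliberately not matched.
def locked_sinatra_version(lockfile_text)
  m = lockfile_text.match(/^ {4}sinatra \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Heuristic: a bare `etag` call outside a comment. It can miss calls made
# through metaprogramming and is only meant for a first triage pass.
def calls_etag?(source_text)
  source_text.each_line.any? do |line|
    line.sub(/#.*/, "").match?(/(?<![\w.:@])etag[ (]/)
  end
end

# Returns a symbol describing why the app is or is not exposed.
def exposure(lockfile_text, source_text, ruby_version = RUBY_VERSION)
  sinatra = locked_sinatra_version(lockfile_text)
  return :sinatra_not_locked if sinatra.nil?
  return :patched_sinatra if sinatra >= FIXED_SINATRA
  return :safe_ruby if Gem::Version.new(ruby_version) >= SAFE_RUBY
  calls_etag?(source_text) ? :exposed : :etag_not_used
end
```

A result of `:etag_not_used` depends on the heuristic scan, so confirm it by reviewing the routes before deferring the upgrade.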