Jul 12, 2018 - 9:30 a.m.

[SECURITY] [DLA-1419-1] ruby-sprockets security update

2018-07-12 09:30:56
lists.debian.org

CVSS2: 5 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.6 High (Confidence: High)

EPSS: 0.023 Low (Percentile: 89.7%)

Package : ruby-sprockets
Version : 2.12.3-1+deb8u1
CVE IDs : CVE-2018-3760
Debian Bug : #901913

It was discovered that there was a path traversal flaw
in ruby-sprockets, a Rack-based asset packaging system. A remote
attacker could take advantage of this flaw to read arbitrary files
outside an application's root directory via "file://" requests.

For Debian 8 "Jessie", this issue has been fixed in ruby-sprockets version
2.12.3-1+deb8u1.

We recommend that you upgrade your ruby-sprockets packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      [email protected] / chris-lamb.co.uk
   `-

OS      Version  Architecture  Package         Version            Filename
Debian  8        all           ruby-sprockets  < 2.12.3-1+deb8u1  ruby-sprockets_2.12.3-1+deb8u1_all.deb
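
A defender's check for the "file://" requests described in the advisory, as an added example that is not part of the advisory or of Sprockets itself: it scans web-server access logs for asset requests whose percent-decoded path carries a file: scheme. The /assets/ mount point, the Common Log Format, the helper names and the sample log lines are assumptions constructed for illustration.

```ruby
# Added example: flag asset requests that carry a file: scheme.
# Assumptions: assets are mounted at /assets/ and the access log is in
# Common Log Format; the log lines below are constructed samples.
ASSET_PREFIX = "/assets/"
REQUEST_RE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})/
MAX_DECODE_ROUNDS = 3

# Percent-decode until the value stops changing, so nested encodings
# (%2566 -> %66 -> f) are normalised before matching.
def fully_decode(target)
  current = target.b
  MAX_DECODE_ROUNDS.times do
    decoded = current.gsub(/%(\h\h)/) { $1.hex.chr }
    break if decoded == current
    current = decoded
  end
  current
end

# True when the decoded path is under the asset mount and a path segment
# starts with "file:" (so an asset named "profile:x" is not flagged).
def file_scheme_asset_request?(target)
  decoded = fully_decode(target)
  decoded.start_with?(ASSET_PREFIX) && decoded.match?(%r{/file:}i)
end

# Returns one hash per flagged request; the status code is kept so a
# responder can separate served requests (2xx) from rejected ones.
def flag_requests(lines)
  lines.each_with_object([]) do |line, hits|
    m = REQUEST_RE.match(line)
    next unless m && file_scheme_asset_request?(m[2])
    hits << { client: m[1], target: m[2], status: m[3].to_i }
  end
end

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = <<~'LOG'
  192.0.2.10 - - [12/Jul/2018:09:31:02 +0000] "GET /assets/application-1a2b3c.js HTTP/1.1" 200 5120
  198.51.100.7 - - [12/Jul/2018:09:31:05 +0000] "GET /assets/file:%2F%2FPLACEHOLDER HTTP/1.1" 200 812
  198.51.100.7 - - [12/Jul/2018:09:31:06 +0000] "GET /assets/%2566ile:%252F%252FPLACEHOLDER HTTP/1.1" 404 0
  192.0.2.44 - - [12/Jul/2018:09:31:09 +0000] "GET /assets/profile:card.css HTTP/1.1" 200 330
LOG

flag_requests(SAMPLE_LOG.lines).each do |hit|
  puts "#{hit[:status]} #{hit[:client]} #{hit[:target]}"
end
```

A flagged request on a host still running a ruby-sprockets version below 2.12.3-1+deb8u1 is the case to investigate first.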
