Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2018-3760
HistoryOct 09, 2019 - 4:26 p.m.

CVE-2018-3760

2019-10-0916:26:49
redhat.com
access.redhat.com
13

EPSS

0.016

Percentile

87.7%

JSON

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application’s root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.

Mitigation

Ensure config.assets.compile = false in production.rb.

Related

suse 2
openvas 8
ubuntucve 1
debian 3
osv 8
hackerone 1
nuclei 1
nvd 1
rubygems 1
nessus 8
fedora 2
veracode 2
cvelist 1
cve 1
redhat 4
seebug 1
prion 1
debiancve 1
github 1
suse
suse
Security update for rubygem-sprockets (important)
2018-06-29 21:15:11
Security update for rubygem-sprockets (moderate)
2018-07-28 16:02:02
openvas
openvas
Debian: Security Advisory (DLA-1419-1)
2018-07-15 00:00:00
Discourse < 2.2.0.beta2 Information Leak Vulnerability
2019-01-30 00:00:00
Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4
2018-07-15 00:00:00
ubuntucve
ubuntucve
CVE-2018-3760
2018-06-26 00:00:00
debian
debian
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
[SECURITY] [DLA-1419-1] ruby-sprockets security update
2018-07-12 09:30:56
osv
osv
ruby-sprockets - security update
2018-07-09 00:00:00
ruby3.2-rubygem-sprockets-3.7-3.7.2-1.20 on GA media
2024-06-15 00:00:00
Sprockets path traversal leads to information leak
2018-06-20 22:18:58
hackerone
hackerone
Ruby on Rails: Path Traversal on Default Installed Rails Application (Asset Pipeline)
2018-01-22 10:42:20
nuclei
nuclei
Ruby On Rails - Local File Inclusion
2020-04-05 18:01:09
nvd
nvd
CVE-2018-3760
2018-06-26 19:29:00
rubygems
rubygems
Path Traversal in Sprockets
2018-06-18 21:00:00
nessus
nessus
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)
2018-07-30 00:00:00
Debian DSA-4242-1 : ruby-sprockets - security update
2018-07-10 00:00:00
Fedora 27 : rubygem-sprockets (2018-fd29597fa4)
2018-07-24 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27
2018-07-14 23:36:29
[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28
2018-07-15 03:33:48
veracode
veracode
Directory Traversal
2018-06-20 08:36:16
Directory Traversal
2019-01-15 09:24:20
cvelist
cvelist
CVE-2018-3760
2018-06-26 19:00:00
cve
cve
CVE-2018-3760
2018-06-26 19:29:00
redhat
redhat
(RHSA-2018:2244) Important: rh-ror42-rubygem-sprockets security update
2018-07-24 07:16:08
(RHSA-2018:2245) Important: rh-ror50-rubygem-sprockets security update
2018-07-24 07:16:12
(RHSA-2018:2745) Important: CloudForms 4.5.5 security, bug fix and enhancement update
2018-09-26 18:25:56
seebug
seebug
Ruby on Rails θ·―εΎ„η©ΏθΆŠδΈŽδ»»ζ„ζ–‡δ»Άθ―»ε–ζΌζ΄ž(CVE-2018-3760)εˆ†ζž
2018-08-08 00:00:00
prion
prion
Information disclosure
2018-06-26 19:29:00
debiancve
debiancve
CVE-2018-3760
2018-06-26 19:29:00
github
github
Sprockets path traversal leads to information leak
2018-06-20 22:18:58

EPSS

0.016

Percentile

87.7%

JSON
Related for RH:CVE-2018-3760
suse2openvas8ubuntucve1debian3osv8hackerone1nuclei1nvd1rubygems1nessus8fedora2veracode2cvelist1cve1redhat4seebug1prion1debiancve1github1