24 matches found
ruby4.0-rubygem-sprockets-4.2.1-1.9 on GA media (moderate)
ruby4.0-rubygem-sprockets-4.2.1-1.9 on GA media Announcement ID: openSUSE-SU-2026:10364-1 Rating: moderate Cross-References: CVE-2018-3760 CVSS scores: CVE-2018-3760 SUSE : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one...
ruby4.0-rubygem-sprockets-3.7-3.7.5-1.5 on GA media (moderate)
ruby4.0-rubygem-sprockets-3.7-3.7.5-1.5 on GA media Announcement ID: openSUSE-SU-2026:10365-1 Rating: moderate Cross-References: CVE-2018-3760 CVSS scores: CVE-2018-3760 SUSE : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one...
ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media (moderate)
ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media Announcement ID: openSUSE-SU-2025:15127-1 Rating: moderate Cross-References: CVE-2018-3760 CVSS scores: CVE-2018-3760 SUSE : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one...
ruby3.4-rubygem-sprockets-3.7-3.7.5-1.3 on GA media (moderate)
ruby3.4-rubygem-sprockets-3.7-3.7.5-1.3 on GA media Announcement ID: openSUSE-SU-2025:15128-1 Rating: moderate Cross-References: CVE-2018-3760 CVSS scores: CVE-2018-3760 SUSE : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one...
CVE-2018-3760
creationtimestamp| type| source ---|---|--- 2024-12-23 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-12-23 2024-12-24 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-24 2024-12-29 00:00:00+00:00| seen| The Shadowserver...
RHEL 6 / 7 : rh-ror50-rubygem-sprockets (RHSA-2018:2245)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2245 advisory. Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Redhat Cloudforms
CVE-2018-3760 Rails Asset Pipeline Directory Traversal Vuln...
openSUSE Security Update : rubygem-sprockets (openSUSE-2019-542)
This update for rubygem-sprockets fixes the following issues : The following security vulnerability was addressed : - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbiddenrequest?, which allowed remote attackers to read arbitrary files bsc1098369 This update was imported fr...
openSUSE: Security Advisory for rubygem-sprockets (openSUSE-SU-2018:2124-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Important: Red Hat Security Advisory: CloudForms 4.5.5 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Ruby on Rails 路径穿越与任意文件读取漏洞(CVE-2018-3760)分析
漏洞公告 该漏洞由安全研究人员 Orange Tsai发现。漏洞公告来自 https://groups.google.com/forum/!topic/rubyonrails-security/ftJ--l55fM There is an information leak vulnerability in Sprockets. This vulnerability has been assigned the CVE identifier CVE-2018-3760. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower,...
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)
This update for rubygem-sprockets fixes the following issues : The following security vulnerability was addressed : - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbiddenrequest?, which allowed remote attackers to read arbitrary files bsc1098369 This update was imported fr...
Important: Red Hat Security Advisory: rh-ror50-rubygem-sprockets security update
An update for rh-ror50-rubygem-sprockets is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SUSE-SU-2018:1994-1 Security update for rubygem-sprockets
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbiddenrequest?, which allowed remote attackers to read arbitrary files bsc1098369...
[SECURITY] [DLA-1419-1] ruby-sprockets security update
Package : ruby-sprockets Version : 2.12.3-1+deb8u1 CVE IDs : CVE-2018-3760 Debian Bug : 901913 It was discovered that there was a discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker could take advantage of this flaw to read arbitrary files...
Debian DSA-4242-1 : ruby-sprockets - security update
Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production. C...
[SECURITY] [DSA 4242-1] ruby-sprockets security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4242-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 09, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4242-1] ruby-sprockets security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4242-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 09, 2018 https://www.debian.org/security/faq -...
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-686)
This update for rubygem-sprockets fixes the following issues : The following security vulnerability was addressed : - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbiddenrequest?, which allowed remote attackers to read arbitrary files via specially crafted requests...
openSUSE: Security Advisory for rubygem-sprockets (openSUSE-SU-2018:1854-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...