5 matches found
rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...
[SECURITY] [DSA 4242-1] ruby-sprockets security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4242-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 09, 2018 https://www.debian.org/security/faq -...
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-686)
This update for rubygem-sprockets fixes the following issues : The following security vulnerability was addressed : - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbiddenrequest?, which allowed remote attackers to read arbitrary files via specially crafted requests...
DEBIAN-CVE-2014-7819
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...
CVE-2014-7819
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...