Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2018/09/04 6:0 p.m.6 views

rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...

7.5CVSS7.3AI score0.26717EPSS
Exploits2References6
Debian
Debian
added 2018/07/09 9:6 p.m.28 views

[SECURITY] [DSA 4242-1] ruby-sprockets security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4242-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 09, 2018 https://www.debian.org/security/faq -...

7.5CVSS7.5AI score0.26717EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/07/02 12:0 a.m.30 views

openSUSE Security Update : rubygem-sprockets (openSUSE-2018-686)

This update for rubygem-sprockets fixes the following issues : The following security vulnerability was addressed : - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbiddenrequest?, which allowed remote attackers to read arbitrary files via specially crafted requests...

7.5CVSS7.6AI score0.26717EPSS
Exploits2References2
OSV
OSV
added 2014/11/08 11:55 a.m.1 views

DEBIAN-CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS7.1AI score0.0386EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/11/08 11:55 a.m.19 views

CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS7.2AI score0.0386EPSS
Exploits0References1
Rows per page
Query Builder