Lucene search
Veracode Vulnerability DatabaseVERACODE:12983HistoryJan 15, 2019 - 9:24 a.m.
Directory Traversal
2019-01-1509:24:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
EPSS
0.016
Percentile
87.7%
sprockets is vulnerable to directory traversals. A malicious user can send a http request with the file:// parameter to request and download files from the server.
References
access.redhat.com/errata/RHSA-2018:2244
access.redhat.com/errata/RHSA-2018:2245
access.redhat.com/errata/RHSA-2018:2561
access.redhat.com/errata/RHSA-2018:2745
access.redhat.com/security/updates/classification/#important
github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5fhttps://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5
groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ
www.debian.org/security/2018/dsa-4242
Related
suse
suse
Security update for rubygem-sprockets (important)
2018-06-29 21:15:11
Security update for rubygem-sprockets (moderate)
2018-07-28 16:02:02
openvas
openvas
Debian: Security Advisory (DLA-1419-1)
2018-07-15 00:00:00
Discourse < 2.2.0.beta2 Information Leak Vulnerability
2019-01-30 00:00:00
Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4
2018-07-15 00:00:00
ubuntucve
ubuntucve
CVE-2018-3760
2018-06-26 00:00:00
debian
debian
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
[SECURITY] [DLA-1419-1] ruby-sprockets security update
2018-07-12 09:30:56
osv
osv
ruby-sprockets - security update
2018-07-09 00:00:00
ruby3.2-rubygem-sprockets-3.7-3.7.2-1.20 on GA media
2024-06-15 00:00:00
Sprockets path traversal leads to information leak
2018-06-20 22:18:58
hackerone
hackerone
nuclei
nuclei
Ruby On Rails - Local File Inclusion
2020-04-05 18:01:09
nvd
nvd
CVE-2018-3760
2018-06-26 19:29:00
rubygems
rubygems
Path Traversal in Sprockets
2018-06-18 21:00:00
nessus
nessus
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)
2018-07-30 00:00:00
Debian DSA-4242-1 : ruby-sprockets - security update
2018-07-10 00:00:00
Fedora 27 : rubygem-sprockets (2018-fd29597fa4)
2018-07-24 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27
2018-07-14 23:36:29
[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28
2018-07-15 03:33:48
veracode
veracode
Directory Traversal
2018-06-20 08:36:16
cvelist
cvelist
CVE-2018-3760
2018-06-26 19:00:00
cve
cve
CVE-2018-3760
2018-06-26 19:29:00
redhat
redhat
(RHSA-2018:2244) Important: rh-ror42-rubygem-sprockets security update
2018-07-24 07:16:08
(RHSA-2018:2245) Important: rh-ror50-rubygem-sprockets security update
2018-07-24 07:16:12
seebug
seebug
Ruby on Rails θ·―εΎη©ΏθΆδΈδ»»ζζδ»Άθ―»εζΌζ΄(CVE-2018-3760)εζ
2018-08-08 00:00:00
redhatcve
redhatcve
CVE-2018-3760
2019-10-09 16:26:49
prion
prion
Information disclosure
2018-06-26 19:29:00
debiancve
debiancve
CVE-2018-3760
2018-06-26 19:29:00
github
github
Sprockets path traversal leads to information leak
2018-06-20 22:18:58