Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/ruby-sprockets@3.7.0-1%2Bdeb9u1
purl pkg:deb/debian/ruby-sprockets@3.7.0-1%2Bdeb9u1
Next non-vulnerable version 3.7.2-1
Latest non-vulnerable version 3.7.2-1
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-s6cp-dk5r-v3aw
Aliases:
CVE-2018-3760
GHSA-pr3h-jjhj-573x
Information Exposure The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem that are outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
3.7.2-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-s6cp-dk5r-v3aw Information Exposure The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem that are outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. CVE-2018-3760
GHSA-pr3h-jjhj-573x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T21:29:59.661403+00:00 Debian Oval Importer Affected by VCID-s6cp-dk5r-v3aw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:40:21.541416+00:00 Debian Oval Importer Fixing VCID-s6cp-dk5r-v3aw https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.4.0
2026-04-11T21:09:08.316725+00:00 Debian Oval Importer Affected by VCID-s6cp-dk5r-v3aw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:28:39.170939+00:00 Debian Oval Importer Fixing VCID-s6cp-dk5r-v3aw https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.3.0
2026-04-08T20:48:10.396431+00:00 Debian Oval Importer Affected by VCID-s6cp-dk5r-v3aw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T23:02:03.477428+00:00 Debian Oval Importer Fixing VCID-s6cp-dk5r-v3aw https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.1.0