Search for packages
| purl | pkg:deb/debian/ruby-sprockets@4.2.1-3?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-g8de-56gr-37cf | Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists. |
CVE-2014-7819
GHSA-33pp-3763-mrfp OSV-113965 |
| VCID-s6cp-dk5r-v3aw | Information Exposure The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem that are outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. |
CVE-2018-3760
GHSA-pr3h-jjhj-573x |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:55:27.609568+00:00 | Debian Importer | Fixing | VCID-s6cp-dk5r-v3aw | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:10:43.276899+00:00 | Debian Importer | Fixing | VCID-g8de-56gr-37cf | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:52:28.898844+00:00 | Debian Importer | Fixing | VCID-s6cp-dk5r-v3aw | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:08:39.112595+00:00 | Debian Importer | Fixing | VCID-g8de-56gr-37cf | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:52:23.930495+00:00 | Debian Importer | Fixing | VCID-s6cp-dk5r-v3aw | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:52:23.880069+00:00 | Debian Importer | Fixing | VCID-g8de-56gr-37cf | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |