Search for packages
| purl | pkg:gem/sprockets@2.12.2 |
| Next non-vulnerable version | 2.12.5 |
| Latest non-vulnerable version | 4.0.0.beta8 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-daww-8648-tqax
Aliases: GHSA-r4x3-g983-9g48 |
Moderate severity vulnerability that affects sprockets Withdrawn, accidental duplicate publish. Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding. |
Affected by 1 other vulnerability. |
|
VCID-g8de-56gr-37cf
Aliases: CVE-2014-7819 GHSA-33pp-3763-mrfp OSV-113965 |
Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-s6cp-dk5r-v3aw
Aliases: CVE-2018-3760 GHSA-pr3h-jjhj-573x |
Information Exposure The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem that are outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||