Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/sprockets@2.12.5
purl pkg:gem/sprockets@2.12.5
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-s6cp-dk5r-v3aw Information Exposure The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem that are outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. CVE-2018-3760
GHSA-pr3h-jjhj-573x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:45:43.639063+00:00 GitLab Importer Fixing VCID-s6cp-dk5r-v3aw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/sprockets/CVE-2018-3760.yml 38.4.0
2026-04-11T21:56:29.654862+00:00 GitLab Importer Fixing VCID-s6cp-dk5r-v3aw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/sprockets/CVE-2018-3760.yml 38.3.0
2026-04-02T22:09:53.647655+00:00 GitLab Importer Fixing VCID-s6cp-dk5r-v3aw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/sprockets/CVE-2018-3760.yml 38.1.0
2026-04-01T15:56:27.835849+00:00 GHSA Importer Fixing VCID-s6cp-dk5r-v3aw https://github.com/advisories/GHSA-pr3h-jjhj-573x 38.0.0
2026-04-01T13:04:03.372844+00:00 GithubOSV Importer Fixing VCID-s6cp-dk5r-v3aw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/06/GHSA-pr3h-jjhj-573x/GHSA-pr3h-jjhj-573x.json 38.0.0
2026-04-01T12:47:48.553527+00:00 GitLab Importer Fixing VCID-s6cp-dk5r-v3aw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/sprockets/CVE-2018-3760.yml 38.0.0