Search for packages
| purl | pkg:gem/sprockets@2.5.0a |
| Tags | Ghost |
| Next non-vulnerable version | 2.12.5 |
| Latest non-vulnerable version | 4.0.0.beta8 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g8de-56gr-37cf
Aliases: CVE-2014-7819 GHSA-33pp-3763-mrfp OSV-113965 |
Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:54.787973+00:00 | GitLab Importer | Affected by | VCID-g8de-56gr-37cf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/sprockets/CVE-2014-7819.yml | 38.0.0 |