Search for packages
| purl | pkg:gem/sprockets@2.9 |
| Tags | Ghost |
| Next non-vulnerable version | 2.12.5 |
| Latest non-vulnerable version | 4.0.0.beta8 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g8de-56gr-37cf
Aliases: CVE-2014-7819 GHSA-33pp-3763-mrfp OSV-113965 |
Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:17.438365+00:00 | Ruby Importer | Affected by | VCID-g8de-56gr-37cf | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sprockets/CVE-2014-7819.yml | 38.0.0 |