Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4242-1:C27C6
HistoryJul 09, 2018 - 9:06 p.m.

[SECURITY] [DSA 4242-1] ruby-sprockets security update

2018-07-0921:06:50
lists.debian.org
9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Debian Security Advisory DSA-4242-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
July 09, 2018 https://www.debian.org/security/faq

Package : ruby-sprockets
CVE ID : CVE-2018-3760
Debian Bug : 901913

Orange Tsai discovered a path traversal flaw in ruby-sprockets, a
Rack-based asset packaging system. A remote attacker can take advantage
of this flaw to read arbitrary files outside an application's root
directory via specially crafted requests, when the Sprockets server is
used in production.

For the stable distribution (stretch), this problem has been fixed in
version 3.7.0-1+deb9u1.

We recommend that you upgrade your ruby-sprockets packages.

For the detailed security status of ruby-sprockets please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ruby-sprockets

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8allruby-sprockets<Β 2.12.3-1+deb8u1ruby-sprockets_2.12.3-1+deb8u1_all.deb
Debian9allruby-sprockets<Β 3.7.0-1+deb9u1ruby-sprockets_3.7.0-1+deb9u1_all.deb

Related

openvas 8
fedora 2
veracode 2
nessus 8
osv 3
cvelist 1
hackerone 1
nuclei 1
nvd 1
cve 1
suse 2
redhatcve 1
seebug 1
prion 1
debian 2
redhat 4
ubuntucve 1
debiancve 1
github 1
openvas
openvas
Debian: Security Advisory (DSA-4242-1)
2018-07-08 00:00:00
Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4
2018-07-15 00:00:00
Fedora Update for rubygem-sprockets FEDORA-2018-2735a12b72
2018-07-15 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27
2018-07-14 23:36:29
[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28
2018-07-15 03:33:48
veracode
veracode
Directory Traversal
2018-06-20 08:36:16
Directory Traversal
2019-01-15 09:24:20
nessus
nessus
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)
2018-07-30 00:00:00
openSUSE Security Update : rubygem-sprockets (openSUSE-2019-542)
2019-03-27 00:00:00
Fedora 27 : rubygem-sprockets (2018-fd29597fa4)
2018-07-24 00:00:00
osv
osv
Sprockets path traversal leads to information leak
2018-06-20 22:18:58
ruby-sprockets - security update
2018-07-09 00:00:00
ruby-sprockets - security update
2018-07-12 00:00:00
cvelist
cvelist
CVE-2018-3760
2018-06-19 00:00:00
hackerone
hackerone
Ruby on Rails: Path Traversal on Default Installed Rails Application (Asset Pipeline)
2018-01-22 10:42:20
nuclei
nuclei
Ruby On Rails - Local File Inclusion
2020-04-05 18:01:09
nvd
nvd
CVE-2018-3760
2018-06-26 19:29:00
cve
cve
CVE-2018-3760
2018-06-26 19:29:00
suse
suse
Security update for rubygem-sprockets (moderate)
2018-07-28 16:02:02
Security update for rubygem-sprockets (important)
2018-06-29 21:15:11
redhatcve
redhatcve
CVE-2018-3760
2019-10-09 16:26:49
seebug
seebug
Ruby on Rails θ·―εΎ„η©ΏθΆŠδΈŽδ»»ζ„ζ–‡δ»Άθ―»ε–ζΌζ΄ž(CVE-2018-3760)εˆ†ζž
2018-08-08 00:00:00
prion
prion
Information disclosure
2018-06-26 19:29:00
debian
debian
[SECURITY] [DLA-1419-1] ruby-sprockets security update
2018-07-12 09:30:56
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
redhat
redhat
(RHSA-2018:2244) Important: rh-ror42-rubygem-sprockets security update
2018-07-24 07:16:08
(RHSA-2018:2245) Important: rh-ror50-rubygem-sprockets security update
2018-07-24 07:16:12
(RHSA-2018:2745) Important: CloudForms 4.5.5 security, bug fix and enhancement update
2018-09-26 18:25:56
ubuntucve
ubuntucve
CVE-2018-3760
2018-06-26 00:00:00
debiancve
debiancve
CVE-2018-3760
2018-06-26 19:29:00
github
github
Sprockets path traversal leads to information leak
2018-06-20 22:18:58

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON
Related for DEBIAN:DSA-4242-1:C27C6
openvas8fedora2veracode2nessus8osv3cvelist1hackerone1nuclei1nvd1cve1suse2redhatcve1seebug1prion1debian2redhat4ubuntucve1debiancve1github1