Lucene search

K

GoogleOSV:GHSA-33PP-3763-MRFP

HistoryOct 24, 2017 - 6:33 p.m.

sprockets vulnerable to Path Traversal

2017-10-2418:33:36

Google

osv.dev

12

EPSS

0.004

Percentile

74.4%

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a …/ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.

References

lists.opensuse.org/opensuse-updates/2014-11/msg00103.html

lists.opensuse.org/opensuse-updates/2014-11/msg00105.html

lists.opensuse.org/opensuse-updates/2014-11/msg00110.html

lists.opensuse.org/opensuse-updates/2014-11/msg00111.html

access.redhat.com/errata/RHBA-2015:1100

access.redhat.com/security/cve/CVE-2014-7819

bugzilla.redhat.com/show_bug.cgi?id=1161527

groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY

groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ

groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ

nvd.nist.gov/vuln/detail/CVE-2014-7819

EPSS

0.004

Percentile

74.4%

Related for OSV:GHSA-33PP-3763-MRFP

prion1 debiancve1 cvelist1 nessus6 openvas3 ibm1 fedora2 mageia1 cve1 github1 ubuntucve1 nvd1 rubygems1