
rubygem-sprockets: directory traversal

Package(s): rubygem-sprockets
CVE #(s): CVE-2014-7819
Created: November 26, 2014
Updated: February 20, 2015
Description: From the CVE entry:

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
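
An added example, not taken from Sprockets, its patch, or the CVE entry: a Ruby containment check that percent-decodes the request path once before validating it, so the URL-encoded and double-slash forms of ../ described above are refused. ASSET_ROOT, naive_allowed? and resolve_asset are hypothetical names, and the root directory and request paths are constructed.

```ruby
require "uri"

# Constructed application root, used only for this example.
ASSET_ROOT = "/srv/app/public/assets"

# Hypothetical naive filter: looks at the raw, still-encoded request path.
# A percent-encoded dot-dot sequence contains no literal "../" and passes.
def naive_allowed?(raw_path)
  !raw_path.include?("../")
end

# Returns the absolute file path that may be served, or nil to refuse.
def resolve_asset(raw_path, root = ASSET_ROOT)
  # Decode first, so the check sees the same bytes the filesystem will see.
  # (This decoder also maps "+" to a space, which is harmless here.)
  decoded = begin
    URI.decode_www_form_component(raw_path)
  rescue ArgumentError
    return nil # malformed percent-encoding
  end
  return nil unless decoded.valid_encoding?
  return nil if decoded.include?("\0")

  # Drop every leading slash so "//..." can never be read as an absolute path.
  relative = decoded.sub(%r{\A/+}, "")

  # Joining under the root before normalising also prevents "~" expansion.
  candidate = File.expand_path(File.join(root, relative))

  # Compare against "root/" so a sibling such as "assets_private" is not
  # accepted just because it shares the root's leading characters.
  prefix = root.end_with?("/") ? root : "#{root}/"
  candidate.start_with?(prefix) ? candidate : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request paths covering both variants named in the CVE text.
  ["/application.js",
   "/%2e%2e/%2e%2e/config/database.yml",
   "/css//..//..//..//config/database.yml",
   "/../assets_private/key.pem"].each do |path|
    puts format("%-42s naive=%-5s resolved=%s",
                path, naive_allowed?(path), resolve_asset(path).inspect)
  end
end
```

The decision is made on the normalised absolute path rather than on a substring of the request, which is why the encoded and double-slash inputs get the same verdict as a plain ../ request.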

Alerts:
Mageia MGASA-2015-0074 ruby-sprockets 2015-02-19
Fedora FEDORA-2014-15489 rubygem-sprockets 2015-02-15
Fedora FEDORA-2014-15413 rubygem-sprockets 2015-02-15
openSUSE openSUSE-SU-2014:1513-1 rubygem-sprockets 2014-11-27
openSUSE openSUSE-SU-2014:1514-1 rubygem-sprockets 2014-11-27
openSUSE openSUSE-SU-2014:1504-1 rubygem-sprockets-2_2 2014-11-26
openSUSE openSUSE-SU-2014:1502-1 rubygem-sprockets-2_1 2014-11-26
