Rails Asset Pipeline Directory Traversal Vulnerability - Vulnerability Database

Rails Asset Pipeline Directory Traversal Vulnerability

Description

All previously released versions of Sprockets (4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower), the software that powers the Rails asset pipeline, contain a directory traversal vulnerability.

Remediation

All users running an affected release should either upgrade or use one of the work arounds immediately.

References

Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760)

Do not respond to http requests asking for a `file://`

CVE-2018-3760] Path Traversal in Sprockets

Related Vulnerabilities

Severity

High

Classification

CVE-2018-3760

CWE-22

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N