Description

All previously released versions of Sprockets (4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower), the software that powers the Rails asset pipeline, contain a directory traversal vulnerability.

Remediation

All users running an affected release should either upgrade or use one of the work arounds immediately.

References

Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760)

Do not respond to http requests asking for a `file://`

CVE-2018-3760] Path Traversal in Sprockets

Related Vulnerabilities

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Directory Traversal (4.9.9)

WordPress Plugin Zedna eBook download Directory Traversal (1.1)

WordPress Plugin Zedna Contact form Directory Traversal (1.1)

WordPress Plugin WP Fastest Cache Directory Traversal (0.8.9.5)

WordPress Plugin Insert Pages Directory Traversal (3.2.3)

Severity

High

Classification

CVE-2018-3760 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Directory Traversal