Rails Asset Pipeline Directory Traversal Vulnerability

Description

All previously released versions of Sprockets (4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower), the software that powers the Rails asset pipeline, contain a directory traversal vulnerability.

Remediation

All users running an affected release should either upgrade or use one of the work arounds immediately.

References

Severity

Classification

Tags

Directory Traversal

Related Vulnerabilities

WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1)
WordPress Plugin Photo Gallery by WD-Responsive Photo Gallery for WordPress Directory Traversal (1.3.42)
WordPress Plugin Ajax Pagination (twitter Style) Local File Inclusion (1.1)
WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0)