Moderate severity vulnerability that affects sprockets

Withdrawn, accidental duplicate publish.

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.

Published: Oct 10, 2018
Updated: Apr 14, 2023
GHSA: GHSA-r4x3-g983-9g48
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sprockets	2.6.0	2.7.1
sprockets	-	2.0.5
sprockets	2.1.0	2.1.4
sprockets	2.2.0	2.2.3
sprockets	2.4.0	2.4.6
sprockets	2.5.0	2.5.0.x
sprockets	2.5.0	2.5.1
sprockets	2.8.0	2.8.3
sprockets	2.9.0	2.9.4
sprockets	2.10.0	2.10.2
sprockets	2.11.0	2.11.3
sprockets	2.12.0	2.12.3

No references available.

Vulnerability Database

289,697

Moderate severity vulnerability that affects sprockets