exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2018-3760

Status Candidate

Overview

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.

Related Files

Red Hat Security Advisory 2018-2745-01
Posted Sep 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2745-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include code execution and traversal vulnerabilities.

tags | advisory, web, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2018-10905, CVE-2018-3760
MD5 | 71d921baf1c377550682429bed433a41
Red Hat Security Advisory 2018-2561-01
Posted Sep 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2561-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include code execution and traversal vulnerabilities.

tags | advisory, web, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2018-10905, CVE-2018-3760
MD5 | b9be0002e51a4672521b2f07d2e5bf6f
Red Hat Security Advisory 2018-2245-01
Posted Jul 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2245-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2018-3760
MD5 | 4cddbf970a525c46f424b9018ec2be7a
Red Hat Security Advisory 2018-2244-01
Posted Jul 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2244-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.

tags | advisory, web, javascript, ruby
systems | linux, redhat
advisories | CVE-2018-3760
MD5 | c8e6a8b16ca9c1af84c6ecdfe2748f94
Debian Security Advisory 4242-1
Posted Jul 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4242-1 - Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.

tags | advisory, remote, arbitrary, root, ruby
systems | linux, debian
advisories | CVE-2018-3760
MD5 | 106d6b21a5ae2a721cddf96019f8467d
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close