Multiple directory traversal vulnerabilities in server.rb in Sprockets prior to 2.0.5, 2.1.x prior to 2.1.4, 2.2.x prior to 2.2.3, 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.6, 2.5.x prior to 2.5.1, 2.6.x and 2.7.x prior to 2.7.1, 2.8.x prior to 2.8.3, 2.9.x prior to 2.9.4, 2.10.x prior to 2.10.2, 2.11.x prior to 2.11.3, 2.12.x prior to 2.12.3, and 3.x prior to 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote malicious users to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sprockets project sprockets 2.6.0 |
||
sprockets project sprockets |
||
sprockets project sprockets 3.0.0 |
Vulmon