Description

All previously released versions of Sprockets (4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower), the software that powers the Rails asset pipeline, contain a directory traversal vulnerability.

Remediation

All users running an affected release should either upgrade or use one of the work arounds immediately.

References

Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760)

Do not respond to http requests asking for a `file://`

CVE-2018-3760] Path Traversal in Sprockets

Related Vulnerabilities

WordPress Plugin Video Downloader for TikTok Directory Traversal (1.3)

WordPress Plugin Wholesale Market for WooCommerce Directory Traversal (1.0.8)

WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)

PaperCut NG/MF Path Traversal (CVE-2023-39143)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.12)

Severity

High

Classification

CVE-2018-3760 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal