CVE-2014-7819: Path Traversal in Project Sprockets

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.7% (top 26.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 8
Latest update: Oct 24

Description

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD | sprockets_project/sprockets | 2.0.0 | 2.0.5 | +13
RubyGems | sprockets_project/sprockets | 2.1.0 | 2.1.4 | +11

🔴 Vulnerability Details (4)

OSV | sprockets vulnerable to Path Traversal | 2017-10-24
GHSA | sprockets vulnerable to Path Traversal | 2017-10-24
CVEList | CVE-2014-7819: Multiple directory traversal vulnerabilities in server | 2014-11-08
OSV | CVE-2014-7819: Multiple directory traversal vulnerabilities in server | 2014-11-08

📋 Vendor Advisories (2)

Red Hat | rubygem-sprockets: arbitrary file existence disclosure | 2014-10-31
Debian | CVE-2014-7819: ruby-sprockets - Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.... | 2014

💬 Community (2)

Bugzilla | CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure [fedora-all] | 2014-11-14
Bugzilla | CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure | 2014-11-07