Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2018-3760 — Path Traversal in Project Sprockets
Severity
7.5 HIGH (NVD)
EPSS
93.8%
top 0.14%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Jun 26
Latest update: Jul 19
Description
There is an information leak vulnerability in Sprockets. Versions affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 9.0, Enterprise Linux 6.0, 6.7, 7.0, 7.3, 7.4, 7.5, 7.6
Patches
🔴 Vulnerability Details
5 VulnCheck
Red Hat cloudforms Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (2018)
💥 Exploits & PoCs
1 Nuclei
Ruby On Rails - Local File Inclusion