Sprockets Project Sprockets vulnerabilities
2 known vulnerabilities affecting sprockets_project/sprockets.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2018-3760HIGHCVSS 7.5PoC≥ 2.0.0, ≤ 2.12.4≥ 3.0.0, ≤ 3.7.1+1 more2018-06-26
CVE-2018-3760 [HIGH] CWE-22 CVE-2018-3760: There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release s
ghsanvdosv
CVE-2014-7819MEDIUMCVSS 5.0≥ 2.0.0, < 2.0.5≥ 2.1.0, < 2.1.4+12 more2014-11-08
CVE-2014-7819 [MEDIUM] CWE-22 CVE-2014-7819: Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as d
ghsanvdosv