RubyGems Sprockets 'forbidden_request?()' Function Directory Traversal Vulnerability
BID:105366
Info
RubyGems Sprockets 'forbidden_request?()' Function Directory Traversal Vulnerability
| Bugtraq ID: | 105366 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-3760 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 20 2018 12:00AM |
| Updated: | Jun 20 2018 12:00AM |
| Credit: | Orange Tsai |
| Vulnerable: |
Redhat Software Collections for RHEL 7 Redhat CloudForms Management Engine 5.9 Redhat CloudForms 4.6 Redhat CloudForms 0 Joshua Peek Sprockets 3.7.1 Joshua Peek Sprockets 2.12.4 Joshua Peek Sprockets 2.12.3 Joshua Peek Sprockets 2.12.2 Joshua Peek Sprockets 2.12 Joshua Peek Sprockets 2.11.3 Joshua Peek Sprockets 2.11.2 Joshua Peek Sprockets 2.11 Joshua Peek Sprockets 2.10.2 Joshua Peek Sprockets 2.10.1 Joshua Peek Sprockets 2.10 Joshua Peek Sprockets 2.9.4 Joshua Peek Sprockets 2.9.3 Joshua Peek Sprockets 2.9 Joshua Peek Sprockets 2.8.3 Joshua Peek Sprockets 2.8.2 Joshua Peek Sprockets 2.8 Joshua Peek Sprockets 2.7.1 Joshua Peek Sprockets 2.7 Joshua Peek Sprockets 2.5.1 Joshua Peek Sprockets 2.5 Joshua Peek Sprockets 2.4.6 Joshua Peek Sprockets 2.4.5 Joshua Peek Sprockets 2.4 Joshua Peek Sprockets 2.3.3 Joshua Peek Sprockets 2.3.2 Joshua Peek Sprockets 2.3 Joshua Peek Sprockets 2.2.3 Joshua Peek Sprockets 2.2.2 Joshua Peek Sprockets 2.2 Joshua Peek Sprockets 2.1.4 Joshua Peek Sprockets 2.1.3 Joshua Peek Sprockets 2.1 Joshua Peek Sprockets 2.0.5 Joshua Peek Sprockets 2.0.4 Joshua Peek Sprockets 2.0 Joshua Peek Sprockets 4.0.0.Beta7 |
| Not Vulnerable: |
Joshua Peek Sprockets 3.7.2 Joshua Peek Sprockets 2.12.5 Joshua Peek Sprockets 4.0.0.Beta8 |
Discussion
RubyGems Sprockets 'forbidden_request?()' Function Directory Traversal Vulnerability
RubyGems Sprockets is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
Versions prior to RubyGems Sprockets 2.12.5, 3.7.2, and 4.0.0.Beta8 are vulnerable.
RubyGems Sprockets is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
Versions prior to RubyGems Sprockets 2.12.5, 3.7.2, and 4.0.0.Beta8 are vulnerable.