Sha256: 14145699d92637a69870702fc065b8fc5e548b289e6f648881163cd16c3c2d86

Contents?: true

Size: 666 Bytes

Versions: 6

Compression:

Stored size: 666 Bytes

Contents

---
gem: sprockets
cve: 2014-7819
osvdb: 113965
url: https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
title: Arbitrary file existence disclosure in Sprockets
date: 2014-10-30
description: |
  Specially crafted requests can be used to determine whether a file exists on
  the filesystem that is outside an application's root directory.  The files
  will not be served, but attackers can determine whether or not the file
  exists.
cvss_v2: 5.0
patched_versions:
  - ~> 2.0.5
  - ~> 2.1.4
  - ~> 2.2.3
  - ~> 2.3.3
  - ~> 2.4.6
  - ~> 2.5.1
  - ~> 2.7.1
  - ~> 2.8.3
  - ~> 2.9.4
  - ~> 2.10.2
  - ~> 2.11.3
  - ~> 2.12.3
  - ">= 3.0.0.beta.3"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/sprockets/CVE-2014-7819.yml