sprockets
RubyGems
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sprockets
- CVE-2014-7819 | NONE | CVSS 0.0 | ✓ Fixed in 2.12.3 | 2014-11-08
vulnerable: 2.12.0, 2.12.1, 2.12.2
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.…
- CVE-2018-3760 | HIGH | CVSS 7.5 | ✓ Fixed in 2.12.5 | 2018-06-26
vulnerable: 0.9.0 ... 2.9.4 (58 versions)
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem that is outside an a…