Download
| Alert*
oval:org.secpod.oval:def:603449
ruby-sprockets is installed oval:org.secpod.oval:def:53366 Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application"s root directory via specially crafted requests, when the Sprockets server is used in production. oval:org.secpod.oval:def:603448 Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application"s root directory via specially crafted requests, when the Sprockets server is used in production. |