DSA-4242-1 ruby-sprockets -- ruby-sprockets
|ID: oval:org.secpod.oval:def:603448||Date: (C)2018-07-10 (M)2018-10-04|
|Class: PATCH||Family: unix|
Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.