CVE-2018-3760

There is an information leak vulnerability in Sprockets. Versions affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.

Published: 2018-06-26 19:29
Updated: 2019-10-09 23:40

CVSS Score: 5.0 / 10

Vendor Product Version URI
Redhat Cloudforms 4.5 cpe:/a:redhat:cloudforms:4.5
Redhat Cloudforms 4.6 cpe:/a:redhat:cloudforms:4.6
Redhat Enterprise Linux 6.0 cpe:/o:redhat:enterprise_linux:6.0
Redhat Enterprise Linux 7.6 cpe:/o:redhat:enterprise_linux:7.6
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:-
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta1
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta10
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta11
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta12
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta13
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta14
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta15
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta2
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta3
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta4
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta5
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta6
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta7
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta8
Sprockets Project Sprockets 2.0.0 cpe:/a:sprockets_project:sprockets:2.0.0:beta9
Sprockets Project Sprockets 2.0.1 cpe:/a:sprockets_project:sprockets:2.0.1
Sprockets Project Sprockets 2.0.2 cpe:/a:sprockets_project:sprockets:2.0.2
Sprockets Project Sprockets 2.0.3 cpe:/a:sprockets_project:sprockets:2.0.3
Sprockets Project Sprockets 2.0.4 cpe:/a:sprockets_project:sprockets:2.0.4
Sprockets Project Sprockets 2.1.0 cpe:/a:sprockets_project:sprockets:2.1.0:-
Sprockets Project Sprockets 2.1.0 cpe:/a:sprockets_project:sprockets:2.1.0:beta
Sprockets Project Sprockets 2.1.1 cpe:/a:sprockets_project:sprockets:2.1.1
Sprockets Project Sprockets 2.1.2 cpe:/a:sprockets_project:sprockets:2.1.2
Sprockets Project Sprockets 2.1.4 cpe:/a:sprockets_project:sprockets:2.1.4
Sprockets Project Sprockets 2.2.0 cpe:/a:sprockets_project:sprockets:2.2.0:-
Sprockets Project Sprockets 2.2.0 cpe:/a:sprockets_project:sprockets:2.2.0:beta
Sprockets Project Sprockets 2.2.1 cpe:/a:sprockets_project:sprockets:2.2.1
Sprockets Project Sprockets 2.2.3 cpe:/a:sprockets_project:sprockets:2.2.3
Sprockets Project Sprockets 2.3.0 cpe:/a:sprockets_project:sprockets:2.3.0:-
Sprockets Project Sprockets 2.3.0 cpe:/a:sprockets_project:sprockets:2.3.0:beta
Sprockets Project Sprockets 2.3.1 cpe:/a:sprockets_project:sprockets:2.3.1
Sprockets Project Sprockets 2.3.3 cpe:/a:sprockets_project:sprockets:2.3.3
Sprockets Project Sprockets 2.4.0 cpe:/a:sprockets_project:sprockets:2.4.0
Sprockets Project Sprockets 2.4.1 cpe:/a:sprockets_project:sprockets:2.4.1
Sprockets Project Sprockets 2.4.2 cpe:/a:sprockets_project:sprockets:2.4.2
Sprockets Project Sprockets 2.4.3 cpe:/a:sprockets_project:sprockets:2.4.3
Sprockets Project Sprockets 2.4.4 cpe:/a:sprockets_project:sprockets:2.4.4
Sprockets Project Sprockets 2.4.6 cpe:/a:sprockets_project:sprockets:2.4.6
Sprockets Project Sprockets 2.5.1 cpe:/a:sprockets_project:sprockets:2.5.1
Sprockets Project Sprockets 2.6.1 cpe:/a:sprockets_project:sprockets:2.6.1
Sprockets Project Sprockets 2.7.1 cpe:/a:sprockets_project:sprockets:2.7.1
Sprockets Project Sprockets 2.8.0 cpe:/a:sprockets_project:sprockets:2.8.0
Sprockets Project Sprockets 2.8.1 cpe:/a:sprockets_project:sprockets:2.8.1
Sprockets Project Sprockets 2.8.3 cpe:/a:sprockets_project:sprockets:2.8.3
Sprockets Project Sprockets 2.9.0 cpe:/a:sprockets_project:sprockets:2.9.0
Sprockets Project Sprockets 2.9.2 cpe:/a:sprockets_project:sprockets:2.9.2
Sprockets Project Sprockets 2.9.4 cpe:/a:sprockets_project:sprockets:2.9.4
Sprockets Project Sprockets 2.10.0 cpe:/a:sprockets_project:sprockets:2.10.0
Sprockets Project Sprockets 2.10.2 cpe:/a:sprockets_project:sprockets:2.10.2
Sprockets Project Sprockets 2.11.0 cpe:/a:sprockets_project:sprockets:2.11.0
Sprockets Project Sprockets 2.11.1 cpe:/a:sprockets_project:sprockets:2.11.1
Sprockets Project Sprockets 2.11.3 cpe:/a:sprockets_project:sprockets:2.11.3
Sprockets Project Sprockets 2.12.0 cpe:/a:sprockets_project:sprockets:2.12.0
Sprockets Project Sprockets 2.12.1 cpe:/a:sprockets_project:sprockets:2.12.1
Sprockets Project Sprockets 2.12.3 cpe:/a:sprockets_project:sprockets:2.12.3
Sprockets Project Sprockets 2.12.4 cpe:/a:sprockets_project:sprockets:2.12.4
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:-
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta1
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta10
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta2
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta3
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta4
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta5
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta6
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta7
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta8
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta9
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:rc1
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:rc2
Sprockets Project Sprockets 3.0.1 cpe:/a:sprockets_project:sprockets:3.0.1
Sprockets Project Sprockets 3.0.2 cpe:/a:sprockets_project:sprockets:3.0.2
Sprockets Project Sprockets 3.0.3 cpe:/a:sprockets_project:sprockets:3.0.3
Sprockets Project Sprockets 3.1.0 cpe:/a:sprockets_project:sprockets:3.1.0
Sprockets Project Sprockets 3.2.0 cpe:/a:sprockets_project:sprockets:3.2.0
Sprockets Project Sprockets 3.3.0 cpe:/a:sprockets_project:sprockets:3.3.0
Sprockets Project Sprockets 3.3.1 cpe:/a:sprockets_project:sprockets:3.3.1
Sprockets Project Sprockets 3.3.2 cpe:/a:sprockets_project:sprockets:3.3.2
Sprockets Project Sprockets 3.3.3 cpe:/a:sprockets_project:sprockets:3.3.3
Sprockets Project Sprockets 3.3.4 cpe:/a:sprockets_project:sprockets:3.3.4
Sprockets Project Sprockets 3.3.5 cpe:/a:sprockets_project:sprockets:3.3.5
Sprockets Project Sprockets 3.4.0 cpe:/a:sprockets_project:sprockets:3.4.0
Sprockets Project Sprockets 3.4.1 cpe:/a:sprockets_project:sprockets:3.4.1
Sprockets Project Sprockets 3.5.0 cpe:/a:sprockets_project:sprockets:3.5.0
Sprockets Project Sprockets 3.5.1 cpe:/a:sprockets_project:sprockets:3.5.1
Sprockets Project Sprockets 3.5.2 cpe:/a:sprockets_project:sprockets:3.5.2
Sprockets Project Sprockets 3.6.0 cpe:/a:sprockets_project:sprockets:3.6.0
Sprockets Project Sprockets 3.6.1 cpe:/a:sprockets_project:sprockets:3.6.1
Sprockets Project Sprockets 3.6.2 cpe:/a:sprockets_project:sprockets:3.6.2
Sprockets Project Sprockets 3.6.3 cpe:/a:sprockets_project:sprockets:3.6.3
Sprockets Project Sprockets 3.7.0 cpe:/a:sprockets_project:sprockets:3.7.0
Sprockets Project Sprockets 3.7.1 cpe:/a:sprockets_project:sprockets:3.7.1
Sprockets Project Sprockets 2.0.5 cpe:/a:sprockets_project:sprockets:2.0.5
Sprockets Project Sprockets 2.1.3 cpe:/a:sprockets_project:sprockets:2.1.3
Sprockets Project Sprockets 2.2.2 cpe:/a:sprockets_project:sprockets:2.2.2
Sprockets Project Sprockets 2.3.2 cpe:/a:sprockets_project:sprockets:2.3.2
Sprockets Project Sprockets 2.4.5 cpe:/a:sprockets_project:sprockets:2.4.5
Sprockets Project Sprockets 2.5.0 cpe:/a:sprockets_project:sprockets:2.5.0
Sprockets Project Sprockets 2.6.0 cpe:/a:sprockets_project:sprockets:2.6.0
Sprockets Project Sprockets 2.7.0 cpe:/a:sprockets_project:sprockets:2.7.0
Sprockets Project Sprockets 2.8.2 cpe:/a:sprockets_project:sprockets:2.8.2
Sprockets Project Sprockets 2.9.3 cpe:/a:sprockets_project:sprockets:2.9.3
Sprockets Project Sprockets 2.10.1 cpe:/a:sprockets_project:sprockets:2.10.1
Sprockets Project Sprockets 2.11.2 cpe:/a:sprockets_project:sprockets:2.11.2
Sprockets Project Sprockets 2.12.2 cpe:/a:sprockets_project:sprockets:2.12.2
Sprockets Project Sprockets 3.0.0 cpe:/a:sprockets_project:sprockets:3.0.0:beta.2
Sprockets Project Sprockets 4.0.0 cpe:/a:sprockets_project:sprockets:4.0.0:beta1
Sprockets Project Sprockets 4.0.0 cpe:/a:sprockets_project:sprockets:4.0.0:beta2
Sprockets Project Sprockets 4.0.0 cpe:/a:sprockets_project:sprockets:4.0.0:beta3
Sprockets Project Sprockets 4.0.0 cpe:/a:sprockets_project:sprockets:4.0.0:beta4
Sprockets Project Sprockets 4.0.0 cpe:/a:sprockets_project:sprockets:4.0.0:beta5
Sprockets Project Sprockets 4.0.0 cpe:/a:sprockets_project:sprockets:4.0.0:beta6
Sprockets Project Sprockets 4.0.0 cpe:/a:sprockets_project:sprockets:4.0.0:beta7
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Redhat Enterprise Linux 6.7 cpe:/o:redhat:enterprise_linux:6.7
Redhat Enterprise Linux 7.0 cpe:/o:redhat:enterprise_linux:7.0
Redhat Enterprise Linux 7.3 cpe:/o:redhat:enterprise_linux:7.3
Redhat Enterprise Linux 7.4 cpe:/o:redhat:enterprise_linux:7.4
Redhat Enterprise Linux 7.5 cpe:/o:redhat:enterprise_linux:7.5

CWE

ID: CWE-200
Name: Information Exposure
Description: An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

History of changes

Date Event
2019-10-09 23:40
2019-04-22 17:48
2018-09-27 10:29
2018-09-05 10:29
2018-08-20 12:07
2018-07-26 01:29
2018-07-11 01:29
2018-06-26 19:29 New CVE