1
Candidate: CVE-2014-7819
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819
6
Multiple directory traversal vulnerabilities in server.rb in Sprockets
7
before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3,
8
2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x
9
before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before
10
2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed
11
with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the
12
existence of files outside the application root via a ../ (dot dot slash)
13
sequence with (1) double slashes or (2) URL encoding.
21
Patches_ruby-sprockets:
22
upstream_ruby-sprockets: needs-triage
23
lucid_ruby-sprockets: DNE
24
precise_ruby-sprockets: DNE
25
precise/esm_ruby-sprockets: DNE
26
trusty_ruby-sprockets: needs-triage
27
utopic_ruby-sprockets: ignored (reached end-of-life)
28
vivid_ruby-sprockets: ignored (reached end-of-life)
29
vivid/stable-phone-overlay_ruby-sprockets: DNE
30
vivid/ubuntu-core_ruby-sprockets: DNE
31
wily_ruby-sprockets: ignored (reached end-of-life)
32
xenial_ruby-sprockets: needs-triage
33
yakkety_ruby-sprockets: ignored (reached end-of-life)
34
zesty_ruby-sprockets: ignored (reached end-of-life)
35
artful_ruby-sprockets: needs-triage
36
bionic_ruby-sprockets: needs-triage
37
devel_ruby-sprockets: needs-triage