Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760)

All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760.

How Do I know if I’m Affected?

The Rails applications are vulnerable if they have this setting enabled in their application:

DZone Security Zone

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via