Candidate: CVE-2014-7819
PublicDate: 2014-11-08 11:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819
Description:
 Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_ruby-sprockets:
upstream_ruby-sprockets: needs-triage
lucid_ruby-sprockets: DNE
precise_ruby-sprockets: DNE
precise/esm_ruby-sprockets: DNE
trusty_ruby-sprockets: ignored (reached end-of-life)
trusty/esm_ruby-sprockets: DNE (trusty was needs-triage)
utopic_ruby-sprockets: ignored (reached end-of-life)
vivid_ruby-sprockets: ignored (reached end-of-life)
vivid/stable-phone-overlay_ruby-sprockets: DNE
vivid/ubuntu-core_ruby-sprockets: DNE
wily_ruby-sprockets: ignored (reached end-of-life)
xenial_ruby-sprockets: not-affected (2.12.3-1)
yakkety_ruby-sprockets: ignored (reached end-of-life)
zesty_ruby-sprockets: ignored (reached end-of-life)
artful_ruby-sprockets: ignored (reached end-of-life)
bionic_ruby-sprockets: not-affected (2.12.3-1)
cosmic_ruby-sprockets: not-affected (2.12.3-1)
disco_ruby-sprockets: not-affected (2.12.3-1)
devel_ruby-sprockets: not-affected (2.12.3-1)