7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-3760

GHSA ID

GHSA-pr3h-jjhj-573x

EPSS Score

0.99789%

CWE

CWE-22

Published

6/20/2018

Updated

9/5/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-3760

CVE-2018-3760: Sprockets path traversal leads to information leak

Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production.

All users running an affected release should either upgrade or use one of the work arounds immediately.

Workaround:

In Rails applications, work around this issue, set config.assets.compile = false and config.public_file_server.enabled = true in an initializer and precompile the assets.

This work around will not be possible in all hosting environments and upgrading is advised.

(GitHub Advisory)

7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-3760

GHSA ID

GHSA-pr3h-jjhj-573x

EPSS Score

0.99789%

CWE

CWE-22

Published

6/20/2018

Updated

9/5/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sprockets	rubygems	< 2.12.5	2.12.5
sprockets	rubygems	>= 3.0.0, < 3.7.2	3.7.2
sprockets	rubygems	>= 4.0.0.beta1, <= 4.0.0.beta7	4.0.0.beta8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient path validation in the Sprockets server. The commit 18b8a7f explicitly modifies the forbidden_request? method in lib/sprockets/server.rb to add a check for URI schemes (path.include?('://')). Prior to this fix, the function allowed requests with URI schemes like file://, enabling path traversal attacks. The added test case in test/test_server.rb demonstrates this by attempting to access a file:// URL, which would have been permitted without the patch. This function's flawed validation logic directly enabled the CVE-2018-3760 path traversal vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Sp**i*lly *r**t** r*qu*sts **n ** us** to ****ss *il*s t**t *xist on t** *il*syst*m t**t is outsi** *n *ppli**tion's root *ir**tory, w**n t** Spro*k*ts s*rv*r is us** in pro*u*tion. *ll us*rs runnin* *n *****t** r*l**s* s*oul* *it**r up*r*** or us

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt p*t* v*li**tion in t** Spro*k*ts s*rv*r. T** *ommit ******* *xpli*itly mo*i*i*s t** `*or*i***n_r*qu*st?` m*t*o* in `li*/spro*k*ts/s*rv*r.r*` to *** * ****k *or URI s***m*s (`p*t*.in*lu**?('://')`). Prior to t

7.5

Basic Information

Concerned about an active attack path?

CVE-2018-3760: Sprockets path traversal leads to information leak

Workaround:

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI