VYPR
Moderate severity · NVD Advisory · Published Nov 8, 2014 · Updated Jun 17, 2026

CVE-2014-7819

Description

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package (ecosystem)     Affected versions       Patched versions
sprockets (RubyGems)    < 2.0.5                 2.0.5
sprockets (RubyGems)    >= 2.1.0, < 2.1.4       2.1.4
sprockets (RubyGems)    >= 2.2.0, < 2.2.3       2.2.3
sprockets (RubyGems)    >= 2.3.0, < 2.3.3       2.3.3
sprockets (RubyGems)    >= 2.4.0, < 2.4.6       2.4.6
sprockets (RubyGems)    >= 2.5.0, < 2.5.1       2.5.1
sprockets (RubyGems)    >= 2.6.0, < 2.7.1       2.7.1
sprockets (RubyGems)    >= 2.8.0, < 2.8.3       2.8.3
sprockets (RubyGems)    >= 2.9.0, < 2.9.4       2.9.4
sprockets (RubyGems)    >= 2.10.0, < 2.10.2     2.10.2
sprockets (RubyGems)    >= 2.11.0, < 2.11.3     2.11.3
sprockets (RubyGems)    >= 2.12.0, < 2.12.3     2.12.3

Affected products

5
  • cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:*
    • cpe:2.3:a:sprockets_project:sprockets:*:*:*:*:*:*:*:* (range: >=2.0.0,<2.0.5)
    • cpe:2.3:a:sprockets_project:sprockets:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:sprockets_project:sprockets:3.0.0:beta2:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.0.5
