Sprockets forbidden_request?() Function Path Traversal Vulnerability

September 8, 2018, 1:26 am

A vulnerability in Sprockets could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability is due to insufficient sanitization of user-supplied input by the affected software when the forbidden_request?() function is used. An attacker could exploit this vulnerability by passing crafted URL requests to the targeted Sprockets system being used in production. A successful exploit could lead to a path traversal condition, allowing an attacker to read arbitrary files on the targeted system.

The vendor confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-3760
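
A defensive sketch of the input handling this class of bug calls for, added here as an example; it is not Sprockets code or the vendor's fix. The asset root and the function names `fully_decode` and `safe_asset_path` are hypothetical, and the sample requests are constructed.

```ruby
require "uri"
require "pathname"

# Hypothetical asset root for this example; not a path from the advisory.
ASSET_ROOT = Pathname.new("/srv/app/public/assets")
MAX_DECODE_ROUNDS = 5

# Percent-decode until the string stops changing, so multiply-encoded input
# is checked in its final form. Returns nil if it does not settle in time.
def fully_decode(raw)
  current = raw
  MAX_DECODE_ROUNDS.times do
    decoded = URI.decode_www_form_component(current)
    return decoded if decoded == current
    current = decoded
  end
  nil
end

# Returns the resolved Pathname when the request stays under ASSET_ROOT,
# or nil when the request must be refused.
def safe_asset_path(requested)
  decoded = fully_decode(requested)
  return nil if decoded.nil? || decoded.include?("\0")
  # Refuse absolute paths and anything that looks like a URI with a scheme.
  return nil if decoded.include?("://") || decoded.start_with?("/", "\\")
  # Refuse parent-directory segments, but allow names such as "site..min.css".
  return nil if decoded.tr("\\", "/").split("/").include?("..")

  # Lexical resolution only (no filesystem access), then a containment check.
  resolved = ASSET_ROOT.join(decoded).cleanpath
  resolved.to_s.start_with?(ASSET_ROOT.to_s + "/") ? resolved : nil
rescue ArgumentError
  # Malformed percent-encoding or invalid byte sequences are refused.
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests, not taken from the advisory.
  ["js/app.js", "css/site..min.css", "../outside.txt", "%252e%252e/outside.txt"].each do |req|
    puts format("%-28s => %s", req, safe_asset_path(req) || "REFUSED")
  end
end
```

The check decodes before validating and validates again after resolution, so a request that only looks harmless in its encoded form is still refused.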
