- Last Updated: June 19, 2018
- Richard Schneeman
All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760.
How do I know if I'm affected?
Rails applications are vulnerable if they have this setting enabled in their application:
# config/environments/production.rb
config.assets.compile = true # setting to true makes your app vulnerable
Note: The default value of this setting that ships with Rails in production.rb is false. By default, Rails apps running in production mode are not vulnerable to this exploit.
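To check an application for the setting above without booting it, the following added example (not code from the original post or from Rails/Sprockets) scans the config files statically. The helper names `classify_assets_compile` and `audit_app` are hypothetical, and the scan assumes the setting is assigned on a single line in `config/application.rb` or `config/environments/*.rb`.

```ruby
# Added example: static audit for `config.assets.compile`.
# Helper names are hypothetical; this is not part of Rails or Sprockets.

# Classify one config file's source text. Returns:
#   :enabled  - literal `true` (the vulnerable setting described above)
#   :disabled - literal `false`
#   :dynamic  - assigned from an expression (ENV lookup etc.); review by hand
#   :unset    - never assigned in this file
def classify_assets_compile(source)
  state = :unset
  source.each_line do |line|
    # Drop comments so a commented-out assignment is not counted.
    # (Naive: a '#' inside a string literal would also be cut.)
    code = line.sub(/#.*\z/m, "")
    m = code.match(/\bconfig\.assets\.compile\s*=(?!=)\s*(.+?)\s*\z/)
    next unless m
    # A later assignment in the same file overrides an earlier one.
    state = case m[1]
            when "true"  then :enabled
            when "false" then :disabled
            else :dynamic
            end
  end
  state
end

# Audit every relevant config file under an application root.
# Returns { "config/environments/production.rb" => :enabled, ... }.
def audit_app(root)
  pattern = File.join(root, "config", "{application,environments/*}.rb")
  Dir.glob(pattern).sort.to_h do |path|
    [path.delete_prefix("#{root}/"), classify_assets_compile(File.read(path))]
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_app(ARGV[0] || ".").each { |path, state| puts "#{path}: #{state}" }
end
```

Treat `:dynamic` as needing review: the effective value then depends on the runtime environment, so confirm it in the deployed app.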