exploit

All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760.

How do I know if I'm affected?

Rails applications are vulnerable if they have this setting enabled in their application:

# config/environments/production.rb
config.assets.compile = true # setting to true makes your app vulnerable

Note: The default value of this setting that ships with Rails in production.rb is false. By default, Rails apps running in production mode are not vulnerable to this exploit.
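To audit an app for the setting described above, the following is an added example (not code from the original post or from Rails or Sprockets). It is a static text check that reports what the last assignment to `config.assets.compile` in the production load path evaluates to. The file list in `PRODUCTION_FILES`, the helper names and the sample trees in the test are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Files that can set the option for production, in the order Rails loads them (assumed list).
PRODUCTION_FILES = %w[
  config/application.rb
  config/environments/production.rb
  config/initializers/assets.rb
].freeze

# An assignment (not a == comparison) to config.assets.compile; captures the right-hand side.
ASSIGNMENT = /\bconfig\.assets\.compile\s*=(?!=)\s*(.+?)\s*$/

# Returns :enabled, :disabled, :dynamic (non-literal value) or :unset for one file's text.
def classify_assets_compile(source)
  source.each_line.reduce(:unset) do |state, line|
    match = ASSIGNMENT.match(line.sub(/#.*$/, "")) # ignore commented-out code
    next state unless match
    case match[1]
    when "true"  then :enabled
    when "false" then :disabled
    else :dynamic
    end
  end
end

# The last file to assign wins. :unset means no file assigns the option, so the
# library default applies; this script does not determine that default.
def production_assets_compile(root)
  PRODUCTION_FILES.reduce(:unset) do |state, rel|
    path = File.join(root, rel)
    found = File.file?(path) ? classify_assets_compile(File.read(path)) : :unset
    found == :unset ? state : found
  end
end

# Builds a constructed sample app tree in a temp dir and audits it.
def demo_app(files)
  Dir.mktmpdir do |root|
    files.each do |rel, body|
      FileUtils.mkdir_p(File.dirname(File.join(root, rel)))
      File.write(File.join(root, rel), body)
    end
    production_assets_compile(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "config.assets.compile in production: #{production_assets_compile(ARGV[0] || '.')}"
end
```

A result of `:dynamic` or `:unset` needs a manual look, since the value then depends on the runtime environment or on the library default.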

How do…

Subscribe to the full-text RSS feed for Richard Schneeman.