sprockets vulnerabilities

Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, Sass, and SCSS.

Latest version: 4.0.0.beta8

Licenses detected

  • license: Unknown < 2.9.0, >= 0.9.0
  • license: MIT >= 2.9.0
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the sprockets package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • H
Directory Traversal
<2.12.5,>=3.0.0, <3.7.2,>=4.0.0, <4.0.0.beta8 Not available 20 Jun, 2018
  • M
Arbitrary File Existence Exposure
< 3.0.0.beta.3, >= 2.13,< 2.12.3, >= 2.12,< 2.11.3, >= 2.11,< 2.10.2, >= 2.10,< 2.9.4, >= 2.9,< 2.8.3, >= 2.8,< 2.7.1, >= 2.6,< 2.5.1, >= 2.5,< 2.4.6, >= 2.4,< 2.3.3, >= 2.3,< 2.2.3, >= 2.2,< 2.1.4, >= 2.1,< 2.0.5 Not available 29 Oct, 2014