openSUSE Security Update : rubygem-sprockets (openSUSE-2018-686)
High Nessus Plugin ID 110831
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for rubygem-sprockets fixes the following issues :
The following security vulnerability was addressed :
- CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files via specially crafted requests. (boo#1098369)
SolutionUpdate the affected rubygem-sprockets packages.