{"affected":[{"ecosystem_specific":{"binaries":[{"ruby2.1-rubygem-sprockets-2_12":"2.12.5-1.4.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 8","name":"rubygem-sprockets-2_12","purl":"pkg:rpm/suse/rubygem-sprockets-2_12&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.12.5-1.4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rubygem-sprockets-2_12 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-3760: Fix path traversal in sprockets/server.rb:forbidden_request?() that can allow remote attackers to read\n  arbitrary files (bsc#1098369).\n","id":"SUSE-SU-2018:2176-1","modified":"2018-08-02T15:20:25Z","published":"2018-08-02T15:20:25Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182176-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1098369"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3760"}],"related":["CVE-2018-3760"],"summary":"Security update for rubygem-sprockets-2_12","upstream":["CVE-2018-3760"]}