Sprockets is vulnerable to directory traversal. A malicious user can send an HTTP request with the file://
parameter to request and download files from the server.
access.redhat.com/errata/RHSA-2018:2244
access.redhat.com/errata/RHSA-2018:2245
access.redhat.com/errata/RHSA-2018:2561
access.redhat.com/errata/RHSA-2018:2745
access.redhat.com/security/updates/classification/#important
github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f
github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441
github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5
groups.google.com/d/msg/rubyonrails-security/ft_J--l55fM/7roDfQ50BwAJ
www.debian.org/security/2018/dsa-4242