Description
All previously released versions of Sprockets (4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower), the software that powers the Rails asset pipeline, contain a directory traversal vulnerability.
Remediation
All users running an affected release should either upgrade or use one of the work arounds immediately.
References
Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760)
Related Vulnerabilities
WordPress Plugin DM Albums File Dislosure (1.9.2)
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)
WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.8.9.5)
Joomla! Core Directory Traversal (2.5.0 - 3.9.20)
WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)