Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760)
All previously released versions of Sprockets, the software that powers the Rails asset pipeline, contain a directory traversal vulnerability. This vulnerability has been assigned CVE-2018-3760.
How Do I know if I’m Affected?
The Rails applications are vulnerable if they have this setting enabled in their application: