Debian Linux Security Advisory 4242-1 - Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.
8113507f333d2773f5bd81b6dafb4c30f4cddb7957bfdda816d5a1909ec87d6f