sprockets gem version is susceptible to path traversal vulnerability RB-A1009
Specially crafted requests can be used to access files on the filesystem that are outside an application's root directory when the Sprockets server is used in production. Upgrading to a newer version of the gem can help fix this issue.
In Rails applications, you can avoid this by setting
config.assets.compile = false and
config.public_file_server.enabled = true in an initializer and precompiling the assets.
Note: This workaround will not be possible in all hosting environments, and upgrading is strongly advised.
Affected Versions: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower.
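An added example (not part of the original rule text or of the Sprockets project): a Ruby check that reads the resolved sprockets version from Gemfile.lock text and compares it against the affected ranges listed above. The helper names and the sample lockfile are constructed for illustration, and versions below 2.x are assumed to fall under "2.12.4 and lower".

```ruby
require "rubygems" # provides Gem::Version

# Highest affected release on each major line, as listed on this page.
LAST_AFFECTED = {
  4 => Gem::Version.new("4.0.0.beta7"),
  3 => Gem::Version.new("3.7.1"),
  2 => Gem::Version.new("2.12.4")
}.freeze

# True when the given sprockets version falls in an affected range.
def sprockets_affected?(version)
  v = Gem::Version.new(version)
  major = v.segments.first
  # Assumption: lines older than 2.x are covered by "2.12.4 and lower".
  major = 2 if major < 2
  ceiling = LAST_AFFECTED[major]
  return false if ceiling.nil? # majors above 4 are past the listed ranges
  # Gem::Version orders prereleases correctly: beta7 < beta8 < 4.0.0
  v <= ceiling
end

# Extract the resolved sprockets version from Gemfile.lock text.
# Resolved specs are indented four spaces; dependency constraints use six,
# and sprockets-rails must not match.
def locked_sprockets_version(lockfile_text)
  lockfile_text[/^ {4}sprockets \(([^)\s]+)\)\s*$/, 1]
end

# Returns :affected, :ok, or :not_present for a lockfile's contents.
def audit_lockfile(lockfile_text)
  version = locked_sprockets_version(lockfile_text)
  return :not_present if version.nil?
  sprockets_affected?(version) ? :affected : :ok
end

# Constructed sample lockfile fragment (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      sprockets (3.7.1)
        concurrent-ruby (~> 1.0)
        rack (> 1, < 3)
      sprockets-rails (3.2.1)
        sprockets (>= 3.0.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "sprockets #{locked_sprockets_version(SAMPLE_LOCK)}: #{audit_lockfile(SAMPLE_LOCK)}"
end
```

To audit a real project, pass `File.read("Gemfile.lock")` to `audit_lockfile`.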