Add Path Traversal in Sprockets vulnerability

Author: greysteil

gems/sprockets/CVE-2018-3760.yml

@@ -0,0 +1,14 @@
+---
+gem: sprockets
+cve: 2018-3760
+url: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k
+title: Path Traversal in Sprockets
+date: 2018-06-19
+description: |
+  Specially crafted requests can be used to access files that exists on
+  the filesystem that is outside an application's root directory, when the
+  Sprockets server is used in production.
+patched_versions:
+  - ">= 2.12.5, < 3.0.0"
+  - ">= 3.7.2, < 4.0.0"
+  - ">= 4.0.0.beta8"