> Last week, a malicious version (v3.2.0.3) of the bootstrap-sass package was published with a backdoor that could allow third parties to run arbitrary Ruby code passed via cookie. If you are using bootstrap-sass, check the version you're using and upgrade if appropriate.

that's a big yikes from me