CVSS v3.x: 8.6 (High)
- ~> 2.1.3
- >= 2.2.0
There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack.
Versions Affected: rack < 2.2.0 Not affected: Applications that do not use Rack::Directory. Fixed Versions: 2.1.3, >= 2.2.0
If certain directories exist in a director that is managed by
Rack::Directory, an attacker could, using this vulnerability, read the
contents of files on the server that were outside of the root specified in the
Until such time as the patch is applied or their Rack version is upgraded, we recommend that developers do not use Rack::Directory in their applications.