Ruby · Rack-Cors · CVE-2019-18978
**Name of the Vulnerable Software and Affected Versions**
rack-cors versions prior to 1.0.4
**Description**
rack-cors decides whether to add CORS headers to a response by matching the request path against the resource patterns configured in the middleware. Before 1.0.4 that match was performed on the raw request path, without first reducing it to a canonical form, so a path containing ../ segments could satisfy a permissive pattern (for example a rule covering a public prefix) while the application behind the middleware resolved it to a resource under a different, private prefix that the configuration never opened up. A remote attacker who controls a cross-origin page can therefore obtain permissive CORS headers for such private resources and read their contents from the victim's browser session, leading to disclosure of confidential data.
**Recommendations**
For versions prior to 1.0.4, update to version 1.0.4 or later, which resolves the issue by normalising the request path before resource matching. Until the upgrade can be applied, reduce exposure by keeping resource patterns as narrow as possible (avoid a single broad wildcard rule for the whole application), by not placing private resources under the same path hierarchy as publicly exposed ones, and by having the application or a preceding middleware reject or normalise paths that contain .. segments before they reach rack-cors.
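The following is an added example, not code from rack-cors, showing why matching must happen on a canonical path. It models a single permissive rule for /public/* (a hypothetical configuration), a naive matcher that inspects the raw path, and a hardened matcher that first collapses . and .. segments; the rule list, the helper names and the canonicalisation routine are all assumptions made for the demonstration. In a real Rack stack one would use Rack::Utils.clean_path_info rather than a hand-written routine.

```ruby
# Added example (not rack-cors code): CORS resource matching on a raw
# path versus on a canonicalised path.

# Hypothetical resource rules in the spirit of a rack-cors config block:
# one permissive rule for /public/*, and nothing for /private/*, which
# therefore must never receive CORS headers.
RULES = [
  { pattern: '/public/*', origins: '*' },
].freeze

# Turn a simple glob pattern into an anchored regexp ('*' matches anything).
def glob_to_regexp(pattern)
  Regexp.new('\A' + Regexp.escape(pattern).gsub('\*', '.*') + '\z')
end

# Vulnerable behaviour: match the request path exactly as received.
# '/public/../private/secret' still begins with '/public/', so the
# permissive rule is applied even though the app will serve /private/secret.
def match_raw(path)
  RULES.find { |r| glob_to_regexp(r[:pattern]).match?(path) }
end

# Canonicalise a path: drop empty and '.' segments, let '..' remove the
# previous segment, and clamp traversal above the root at '/'.
# (Assumed routine; Rack::Utils.clean_path_info does this in practice.)
def canonical_path(path)
  out = []
  path.split('/').each do |seg|
    case seg
    when '', '.' then next
    when '..'    then out.pop
    else out << seg
    end
  end
  '/' + out.join('/')
end

# Hardened behaviour: canonicalise first, match second.
def match_canonical(path)
  match_raw(canonical_path(path))
end

# Headers the middleware would emit for the path under the given matcher.
def cors_origin_header(path, matcher)
  rule = matcher.call(path)
  rule ? { 'Access-Control-Allow-Origin' => rule[:origins] } : {}
end

if __FILE__ == $PROGRAM_NAME
  ['/public/data.json', '/public/../private/secret', '/private/secret'].each do |p|
    raw = cors_origin_header(p, method(:match_raw))
    fixed = cors_origin_header(p, method(:match_canonical))
    puts "#{p.ljust(28)} raw=#{raw.inspect} canonical=#{fixed.inspect}"
  end
end
```

Running the block shows the traversal path receiving Access-Control-Allow-Origin: * from the raw matcher and no CORS headers at all from the canonical one, while legitimate /public/ requests are unaffected by the fix.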