
Raggic

#51871 of 53,624
4.3 Total CVSS
Vulnerabilities · 1
PT-2013-2197
4.3
2013-02-08
Rack · Rack · CVE-2013-0262
**Name of the Vulnerable Software and Affected Versions**

- Rack versions 1.4.x through 1.4.4
- Rack versions 1.5.x through 1.5.1

**Description**

The issue allows attackers to access arbitrary files outside the intended root directory via a crafted `PATH_INFO` environment variable. It is probably a remotely exploitable directory traversal vulnerability, also known as "symlink path traversals."

**Recommendations**

- For Rack versions 1.4.x through 1.4.4, update to version 1.4.5 or later.
- For Rack versions 1.5.x through 1.5.1, update to version 1.5.2 or later.