
rack Critical
File Access
Discovered 6 months ago
Published over 1 year ago
Category: File Access
Severity: Critical

There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack.

Versions Affected: rack < 2.2.0
Not affected: Applications that do not use Rack::Directory.
Fixed Versions: 2.1.3, >= 2.2.0


If certain directories exist in a directory that is managed by Rack::Directory, an attacker could use this vulnerability to read the contents of files on the server that are outside of the root specified in the Rack::Directory initializer.


Until such time as the patch is applied or their Rack version is upgraded, we recommend that developers do not use Rack::Directory in their applications.
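The following audit sketch is an added example, not code from Rack or from this advisory: it checks the rack version resolved in a Gemfile.lock against the patched ranges listed on this page and flags source lines that reference Rack::Directory. The function names, the sample lockfile and the sample config.ru are constructed for illustration, and the source scan is a plain text match that assumes the class is referenced by its full name.

```ruby
require "rubygems"

# Patched ranges as listed on this page; a version is fixed if it matches either.
PATCHED = [Gem::Requirement.new("~> 2.1.3"), Gem::Requirement.new(">= 2.2.0")].freeze

# Resolved gem versions sit at exactly four spaces of indent in Gemfile.lock;
# dependency constraints (six spaces) and gems like rack-protection do not match.
def locked_rack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rack \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

def patched?(version)
  PATCHED.any? { |req| req.satisfied_by?(version) }
end

# Returns [path, line_number] for each non-comment line naming Rack::Directory.
# Heuristic only: aliased or dynamically resolved references are not detected.
def directory_usages(sources)
  sources.flat_map do |path, text|
    text.each_line.with_index(1)
        .select { |line, _| line =~ /\bRack::Directory\b/ && line !~ /^\s*#/ }
        .map { |_, number| [path, number] }
  end
end

def audit(lockfile_text, sources)
  version = locked_rack_version(lockfile_text)
  return { status: :rack_not_found } unless version
  usages = directory_usages(sources)
  status = if patched?(version) then :patched
           elsif usages.empty? then :not_affected # page: apps not using Rack::Directory
           else :vulnerable
           end
  { status: status, version: version.to_s, usages: usages }
end

# Constructed sample input, not taken from any real project.
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    rack (2.1.2)
    sinatra (2.0.8.1)
      rack (~> 2.0)
LOCK
SAMPLE_SOURCES = {
  "config.ru" => "# Rack::Directory serves ./public\nrun Rack::Directory.new('public')\n"
}.freeze

puts audit(SAMPLE_LOCK, SAMPLE_SOURCES).inspect if __FILE__ == $PROGRAM_NAME
```

A `:not_affected` result from the text scan should be confirmed by hand, because a dependency could mount Rack::Directory on the application's behalf.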

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

~> 2.1.3, >= 2.2.0

Unaffected Versions