A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served.
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served.
Disable the static option which will disable the public_dir option. With this configuration, Sinatra will not serve files from the public directory and therefore files outside of it.