I found a directory traversal in `actionpack-page_caching`. Some code may lead to RCE. https://github.com/rails/actionpack-page_caching/blob/master/lib/action_controller/caching/pages.rb#L143 ```ruby def cache_file(path, extension) if path.empty? || path =~ %r{\A/+\z} name = "/index"…