Ruby 1.8.6 (Webrick Httpd 1.3.1) is vulnerable to a directory traversal flaw. The Ruby on Rails web server, Webrick Httpd 1.3.1, is vulnerable to directory traversal on systems that accept the backslash as a path separator and on case insensitive systems. Patches for the 1.8 and 1.9 code branches are available.