rswag-api is vulnerable to Directory Traversal. The vulnerability exists in the `call` function of `middleware.rb`, which allows an attacker to read arbitrary `JSON` and `YAML` files via directory traversal, because the library exposes a file that is not in the `OpenAPI` specification file.Read More