Ruby on Rails: Directory traversal attack in view resolver
There seem to be two cases that allow directory traversal when using wildcard URL segments, which allow rendering views outside the view paths. For example, let's say there is a route

    get '/help/*action', controller: 'help'

and a matching controller class

    class HelpController < ApplicationController
    end

This...