Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.
CVE vulnerabilities with CWE-34 (1)
7.5
CVSS
HIGH
CVE-2023-41629
pub. 2023-10-17