All versions of
public are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.
No fix is currently available. Do not use
public in production or consider using an alternative module until a fix is made available.