The vulnerability of the res.download() function in the template.js script (located at backend/src/routes/template.js), a documentation generation tool from PwnDoc, allows a hacker to read arbitrary files.

The vulnerability of the res.download function in the template.js script located at backend/src/routes/template.js, a tool for automating report document formatting by PwnDoc, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow...