Information Disclosure
drupal/core is vulnerable to information disclosure. The vulnerability exists due to a lack of input validation in the ImageStyleDownloadController.php as it only restricts access to non-public files if stored in the private file directory, allowing an attacker to gain access to additional files ...