CVE-2019-12479
CVE-2019-12479 affects 20|20 Storage 2.11.0, specifically the LocalStorageProvider in TwentyTwenty.Storage. The vulnerability is a path traversal that lets an attacker create/read files outside the configured basepath when user-supplied filenames aren’t sanitized, potentially enabling read/write ...