Improper Authorization
github.com/IceWhaleTech/CasaOS-UserService is vulnerable to Improper Authorization. The vulnerability is due to improper path filtering in the URL of user avatar image files. The regular expression used in the code snippet fails to sufficiently restrict access, allowing unauthorized actors to...