GHSA-9FFM-FXG3-XRHH NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
Summary NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with...