CVE-2024-4388

This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server