CVE-2021-32708
CVE-2021-32708 concerns thephpleague flysystem, a PHP filesystem abstraction library. The issue arises in the whitespace normalization logic for 1.x and 2.x: if a user-supplies a filename, the path is not checked for unicode chars, and the path’s extension is denied (not allow-listed), with a uni...