hug is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of checks on the resolved directory.