EPSS
Percentile
75.2%
twentytwenty.storage is vulnerable to directory traversal. The LocalStorageProvider allows creation and reading of files outside of the specified basepath. This can result in read and write of arbitrary files on the filesystem.
github.com/2020IP/TwentyTwenty.Storage/commit/85f97b7747552a2d65702046ca18c6e048d8b102
security401.com/twentytwenty-storage-path-traversal/