Versions of Filesystem prior to 0.6.3 & 2025.7.1 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 2025.7.1 to resolve.
Thank you to Elad Beber (Cymulate) for reporting these issues.
{ "github_reviewed_at": "2025-07-01T20:13:56Z", "cwe_ids": [ "CWE-59" ], "nvd_published_at": "2025-07-02T15:15:27Z", "severity": "HIGH", "github_reviewed": true }