2025-09-17 16:51:52
cisa-cg
PUBLISHED
CISA Thorium does not adequately validate the paths of downloaded files via download_ephemeral and download_children. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2.