id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
8725,[Patch] Minor path travelsal vulnerability,tinus,Blackhex,"If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user.

Attached is a patch that uses the basename function prior to concatenating the path to foil this attack.",defect,new,normal,DownloadsPlugin,normal,,,rjollos,0.11