id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release 8725,[Patch] Minor path traversal vulnerability,tinus,tinus,"If the 'file' field in the 'download' table can be manipulated, the DownloadsPlugin allows a user to download any file that can be accessed by the Trac user. Attached is a patch that uses the basename function prior to concatenating the path to foil this attack.",defect,closed,normal,DownloadsPlugin,normal,fixed,,Ryan J Ollos,0.11