lightdash < 0.510.3 - Path Traversal and Arbitrary File Write via Insecure File Endpoints
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.