Relative Path Traversal in Flarum using fake OAuth Provider

Jun 11, 2021 By Vikrant Singh Chauhan

Reported a low impact Path Traversal where an OAuth Provider could read local files exploiting relative path traversal in Flarum.