Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. Referenceshttps://hackerone.com/reports/1096043
