Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Path Traversal
Sharelatex
NVD
CVSS 2.0
3.5
EPSS
0.3%