This affects the package doc-path before 2.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Information Disclosure
Doc Path
NVD
GitHub
CVSS 3.1
9.8
EPSS
2.7%