Product
Multiple path traversal vulnerabilities exist in go-billy, particularly affecting the `osfs.ChrootOS` implementation, where crafted paths can escape intended base directories due to insufficient path sanitization and boundary enforcement; users requiring stronger security should upgrade to v6 and use `os.Root`.