Product
A path traversal vulnerability exists in Mako versions 1.3.11 and earlier on Windows, allowing attackers to read arbitrary files outside the configured template directory by using backslashes in URIs to bypass directory traversal checks.