Tag
AVideo versions before 26.0 are vulnerable to an unauthenticated path traversal attack via the HLS streaming endpoint, allowing unauthorized access to private or paid videos by manipulating the `videoDirectory` GET parameter due to inconsistent path handling.