Vendor
Algernon is vulnerable to remote code execution due to unbounded upward directory traversal when searching for `handler.lua`, allowing attackers with write access to parent directories to execute arbitrary code.