Vendor
The code16/sharp package is vulnerable to path traversal due to improper sanitization of file extensions, allowing authenticated attackers to manipulate file paths to write files outside the intended temporary directory or overwrite critical files.