Arbitrary Source Code Disclosure
Source code on a web server often contains sensitive information and should not be accessible to users.
Avoid passing user-submitted input to filesystem APIs. If it’s not possible, another solution is to use a white list of acceptable inputs.
Last updated on February 15, 2021