CVE-2021-32708CRITICAL≥ 0, < 1.1.4·≥ 2.0.0, < 2.1.12021-06-29
CVE-2021-32708 [CRITICAL] CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
### Impact
The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely.
The conditions:
- A user is allowed to supply the path or filename of an uploaded file.
- The supplied path or filename is
ghsaosv