@MatrixNeoKozakchecks…scout-improvement-1780252136477 → master3 files · +9 −5updated 1w agoThe safeReadFile function in multiple modules resolves the file path but then validates the original input path, not the resolved path. This allows path traversal attacks via symlinks. Additionally, the validateFileReferences function in projectmemory-analyzer.js resolves paths without verifying the input does not contain traversal sequences. The fix resolves the path first, then validates the resolved path against the base path to ensure security.