1. Framework Template Path Traversal Risk: Plugin Trust Boundary Blurred, Defense-in-Depth Urged
A subtle but critical design flaw in a Python framework's template loading system creates a potential path traversal risk, exposing a blurred trust boundary between the framework and its plugins. The current implementation resolves template file paths relative to a plugin's configuration directory but fails to scope th...