Nicegui · Nicegui · CVE-2025-66645
**Name of the Vulnerable Software and Affected Versions**
NiceGUI versions 3.3.1 and below
**Description**
NiceGUI, a Python-based UI framework, contains a directory traversal flaw in the `App.add_media_files()` function that allows a remote attacker to read arbitrary files on the server filesystem. The function does not properly sanitize file paths, allowing an attacker to potentially access sensitive information.
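The flaw class described above, shown as an added illustration (this is not NiceGUI's code and not the project's patch): a file-serving helper that joins the requested path onto its base directory without a containment check, next to one that resolves the path first and rejects anything outside the base. The function names and the directory layout are hypothetical and constructed for this example.

```python
import tempfile
from pathlib import Path
from typing import Optional


def naive_resolve(base_dir: Path, requested: str) -> Path:
    """Unsafe pattern: join the request onto the base, no containment check."""
    return base_dir / requested


def safe_resolve(base_dir: Path, requested: str) -> Optional[Path]:
    """Return the file only if it stays inside base_dir, otherwise None."""
    base = base_dir.resolve()
    # resolve() collapses ".." segments and follows symlinks, so the
    # comparison below is made on the real target, not the raw string.
    # Joining an absolute path discards the base; the check catches that too.
    candidate = (base / requested).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Build a constructed layout on disk and compare both helpers."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        media = root / "media"  # directory meant to be served
        media.mkdir()
        (media / "clip.mp4").write_bytes(b"constructed media")
        (root / "secret.txt").write_text("constructed secret")  # outside media

        legit = safe_resolve(media, "clip.mp4")
        return {
            "naive_reaches_outside": naive_resolve(media, "../secret.txt").is_file(),
            "safe_relative": safe_resolve(media, "../secret.txt"),
            "safe_absolute": safe_resolve(media, str(root / "secret.txt")),
            "safe_legit": legit.name if legit else None,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
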
**Recommendations**
Update to version 3.4.0 or later.