packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
View the template here CVE-2023-35844.yaml
References:
https://advisory.dw1.io/59