Advisories for Nuget/DotVVM package

2025

DotVVM allows path traversal when deployed in Debug mode

There is a path traversal vulnerability in any DotVVM application started in Debug mode if at least one resource with a FileResourceLocation has been added. The vulnerability allows an attacker to read arbitrary files from the filesystem that are accessible to the web application (e.g. appsettings.json or other files containing secrets).