[CRITICAL] Fixed potential path traversal attack and remote code injection

PKSA-hvx3-cvjz-ktb4 GHSA-x86x-qhf8-f37w

Affected version: <2.1.1

Reported by:
GitHub, FriendsOfPHP/security-advisories