## https://sploitus.com/exploit?id=264867FD-4EB1-5B4B-B20D-A689DCDB2669
# CVE-2021-32708
Affected versions of this package are vulnerable to Race Condition. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely.
How the Exploit Works
Unicode Bypass: The filename exploit\u202Ephp.txt uses the Right-to-Left Override (RLO) character to disguise the file extension.
Malicious File Upload: The file is uploaded and stored on the server.
Payload Execution: If the server allows code execution in the uploads directory, the attacker can run the PHP payload remotely.