In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.