Merge commit from fork

Fix for path traversal (GHSA-948g-2vm7-mfv7)

backend/src/routes/coreRoutes/corePublicRouter.js

@@ -8,9 +8,10 @@ const path = require('path');
 router.route('/:subPath/:directory/:file').get(function (req, res) {
   try {
     const { subPath, directory, file } = req.params;
-
+    //subPath sanitization check
+    sanitizedPath = path.normalize(subPath).replace(/^(\.\.[\/\\])+/, '');
     const options = {
-      root: path.join(__dirname, `../../public/${subPath}/${directory}`),
+      root: path.join(__dirname, `../../public/${sanitizedPath}/${directory}`),
     };
     const fileName = file;
     return res.sendFile(fileName, options, function (error) {