Path traversal with weak protection mechanism

Found a way to escape the /tmp/files/notes/ directory and access arbitary files on the vulnerable application!

Goal

Capture the flag! The flag can be found in the file: /tmp/secret/flag.txt