
Export settings option permits escaping paths to save outside the intended folder.
Closed this issue · 5 comments
Using a path that contains `../` in the export settings dialogue lets you traverse up the file tree to save things outside of the datapacks folder, or even outside of the server's folder. This could be used for malicious purposes, as it lets unprivileged users save files to the server.
I am playing on 1.20.1 forge however I suspect this is an issue on all versions.
Example:
Thanks for reporting this.
I don't really see how this could be used for malicious purposes given that it only allows saving snbt files, but you're right that this shouldn't happen and can have people on a server causing a mess in folders that they are not supposed to be able to save anything into.
FTBTeams and FTBChunks use snbt for configs and data storage. While you can't type in a file path long enough to overwrite most of these in the UI, the packet does not seem to have a limit so someone could potentially delete all FTB* data, destroying things like chunk claims, member roles, admin permissions and the like.
I'm sure these are not the only mods that use snbt too.
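The two points raised above (a `../` in the export name escaping the datapacks folder, and the packet carrying a name longer than the UI allows) are both things a server-side check should reject before any file is written. The following is an added example of such a check, not code from this thread or from the mod under discussion; `ExportPathValidator`, `MAX_NAME_LENGTH` and the sample inputs are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Server-side validation of a user-supplied export path.
 * Constructed example: the class name, the length limit and the
 * directory layout are assumptions, not the mod's own code.
 */
public final class ExportPathValidator {

    // Enforced on the server when the packet is handled, regardless of any
    // length limit the client-side text field may or may not apply.
    private static final int MAX_NAME_LENGTH = 64;

    private ExportPathValidator() {}

    /**
     * Resolves userInput beneath exportDir and rejects anything that would
     * land outside it: "../" segments, absolute paths, or an existing
     * symlink whose real location is elsewhere.
     */
    public static Path resolveInside(Path exportDir, String userInput) throws IOException {
        if (userInput == null || userInput.isEmpty() || userInput.length() > MAX_NAME_LENGTH) {
            throw new IllegalArgumentException("export name missing or too long");
        }
        if (userInput.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("export name contains NUL");
        }
        if (!userInput.endsWith(".snbt")) {
            throw new IllegalArgumentException("only .snbt exports are allowed");
        }

        // Canonicalise the base so the containment check is not fooled by
        // symlinks in the base path itself. Requires exportDir to exist.
        Path base = exportDir.toRealPath();

        // normalize() collapses "." and ".." segments; resolve() of an absolute
        // input ignores base entirely, so both cases fail the startsWith check.
        Path candidate = base.resolve(userInput).normalize();
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException("export path escapes " + base);
        }

        // If the target already exists (for example as a symlink planted
        // earlier), confirm its real location is still inside the base.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new IllegalArgumentException("export path resolves outside " + base);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path exportDir = Files.createTempDirectory("export-demo");
        // Constructed sample inputs: one legitimate name and three that must be refused.
        String[] inputs = {
            "my_template.snbt",
            "../../ftbteams/data.snbt",
            "/etc/passwd.snbt",
            "notes.txt"
        };
        for (String in : inputs) {
            try {
                System.out.println("accepted: " + resolveInside(exportDir, in));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected '" + in + "': " + e.getMessage());
            }
        }
    }
}
```

The check belongs in the packet handler on the server, not in the dialog: the client can be modified or replaced, so a UI field length or client-side filter gives no protection. Canonicalising the base with `toRealPath()` before the `startsWith` comparison matters on installations where the datapacks folder is itself a symlink; comparing against the non-canonical path would reject legitimate writes or, worse, accept escaping ones depending on how the link resolves.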
This one was fixed a few days after we discussed it, but I never closed the issue so closing now.
In what commit? The file that seems to manage this (TemplatePersistanceContainer.java in SophCore) has been unchanged for months.