Arch Linux Security Advisory ASA-201902-18
==========================================

Severity: High
Date    : 2019-02-16
CVE-ID  : CVE-2019-8358
Package : hiawatha
Type    : directory traversal
Remote  : Yes
Link    : https://security.archlinux.org/AVG-900

Summary
=======

The package hiawatha before version 10.8.4-1 is vulnerable to directory
traversal.

Resolution
==========

Upgrade to 10.8.4-1.

# pacman -Syu "hiawatha>=10.8.4-1"

The problem has been fixed upstream in version 10.8.4.

Workaround
==========

None.

Description
===========

In Hiawatha before 10.8.4, a remote attacker is able to perform directory
traversal if AllowDotFiles is enabled.

Impact
======

A remote attacker is able to read arbitrary files from a hiawatha
server.

References
==========

https://www.hiawatha-webserver.org/changelog
https://security.archlinux.org/CVE-2019-8358
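
The two conditions in the Description (a package older than 10.8.4-1 and AllowDotFiles enabled) can be checked per host. The script below is an added example, not part of the advisory or of Hiawatha; the function names are hypothetical, the config path is a placeholder, and the "AllowDotFiles = yes" line syntax is an assumption about the server's configuration format.

```shell
#!/bin/bash
# Added example: flags a host as exposed to CVE-2019-8358 when the hiawatha
# package is older than 10.8.4-1 AND AllowDotFiles is enabled in its config.
FIXED="10.8.4-1"

# True (0) if version $1 sorts strictly before the fixed version.
# Uses GNU sort -V so it runs anywhere; on Arch, vercmp is the native tool.
is_vulnerable_version() {
    [ "$1" != "$FIXED" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n1)" = "$1" ]
}

# True (0) if config file $1 has an uncommented "AllowDotFiles = yes" line.
# Assumption: directives are written as "key = value", comments start with '#'.
dotfiles_enabled() {
    grep -Eiq '^[[:space:]]*AllowDotFiles[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Prints a verdict for version $1 and config file $2; returns 0 only if exposed.
check_hiawatha() {
    if ! is_vulnerable_version "$1"; then
        echo "ok: hiawatha $1 is at or above $FIXED"
        return 1
    fi
    if dotfiles_enabled "$2"; then
        echo "EXPOSED: hiawatha $1 with AllowDotFiles enabled; upgrade to $FIXED"
        return 0
    fi
    echo "outdated: hiawatha $1, AllowDotFiles not enabled; still upgrade to $FIXED"
    return 1
}

# Usage on an Arch host (config path is a placeholder, adjust to your install):
#   check_hiawatha "$(pacman -Q hiawatha | cut -d' ' -f2)" /path/to/hiawatha.conf
```

Since the advisory lists no workaround, an "outdated" verdict still calls for the upgrade; the script only helps prioritise which hosts to patch first.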