ArchLinux: 201902-18: hiawatha: directory traversal
Summary
In Hiawatha before 10.8.4 a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
Resolution
Upgrade to 10.8.4-1.
# pacman -Syu "hiawatha>=10.8.4-1"
The problem has been fixed upstream in version 10.8.4.
References
https://www.hiawatha-webserver.org/changelog https://security.archlinux.org/CVE-2019-8358
Workaround
None.