Description In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Remediation References CVE-2019-8358 Related Vulnerabilities WordPress Plugin RK Responsive Contact Form SQL Injection (1.0.0) IBMHttpServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-4947) WordPress Plugin CevherShare Multiple Vulnerabilities (2.1) Atlassian Jira CVE-2019-20402 Vulnerability (CVE-2019-20402) WordPress Plugin WP Prayer Multiple Cross-Site Request Forgery Vulnerabilities (1.6.5) Severity High Classification CVE-2019-8358 CWE-22 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities