Debian Linux Security Advisory 4142-1 - Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
969cfa20e880d889e8ea8efc67b9304caf58b0e6d52c234897c6d7c7569b4f9c
uWSGI versions prior to 2.0.17 suffer from a directory traversal vulnerability.
e81a441330bd530dd0585c2f6ab174487c8c91e27174f850328ee26d1e4db873