Debian Linux Security Advisory 4142-1 - Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory.
969cfa20e880d889e8ea8efc67b9304caf58b0e6d52c234897c6d7c7569b4f9c