UPDATE NOW: Vulnerability in Apache HTTP Server 2.4.49 Allows Files Outside of the Site Root to be Retrieved
A matter of urgency generated an update of http-server Apache 2.4.50, which eliminated an already actively exploited 0-day vulnerability (CVE-2021-41773 ), allowing you to access your files from areas outside the site root. The vulnerability can be used to load arbitrary system files and source texts of web scripts that are readable by the user under which the HTTP server is running. The developers were notified of the problem on September 17 but were able to release the update only today, after cases of using the vulnerability to attack sites were recorded on the network.
Source: Linux Today