From securityboulevard.com
![](https://cdn-images-1.medium.com/max/1024/0*H6msyfjN6NN_8G2n.png)
Identified as “GhostCat” and tracked as CVE-2020–1938 / CNVD-2020–10487, the flaw could let remote attackers (without authentication) read the content of any file on a vulnerable web server (or servlet container) and obtain sensitive configuration files or source code, or execute arbitrary code if the server allows file upload.