Poor escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem places which have been permitted for being served through the server but are certainly not deliberately/specifically reachable by any URL, leading to code execution or supply code disclosure. Worker: https://annieb580zdo6.ourabilitywiki.com/user