Dubs3C

**Name of the Vulnerable Software and Affected Versions** Appwrite versions 0.5.0 through 0.12.x before 0.12.2 **Description** The issue allows remote attackers to read arbitrary local files via ../ directory traversal in the "ACME-challenge" endpoint. This vulnerability requires the existence of `APP STORAGE CERTIFICATES/.well-known/acme-challenge` on disk, which is automatically created when installing Let's Encrypt certificates via Appwrite. **Recommendations** For Appwrite versions 0.5.0 through 0.12.x before 0.12.2, update to version 0.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ACME-challenge" endpoint or removing the `APP STORAGE CERTIFICATES/.well-known/acme-challenge` directory if Let's Encrypt certificates are not needed.