Name of the Vulnerable Software and Affected Versions: Drupal 8 core (affected versions not specified)

Description: The issue arises from the file save upload() function not removing leading and trailing dots from filenames, which could allow users to upload system files like .htaccess. This might bypass protections provided by Drupal's default .htaccess file, especially when used with contributed modules that permit uploading files with any extension.

Recommendations: For Drupal 8 core, update the file save upload() function to trim leading and trailing dots from filenames to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.