Name of the Vulnerable Software and Affected Versions: Drupal 8 core (affected versions not specified)

Description: The issue concerns the file save upload() function, which does not remove leading and trailing dots from filenames. This could allow users with file upload permissions, especially when used with contributed modules, to upload system files like .htaccess, potentially bypassing security protections provided by Drupal's default .htaccess file.

Recommendations: For Drupal 8 core, update the file save upload() function to trim leading and trailing dots from filenames to prevent potential security bypasses. At the moment, there is no information about a newer version that contains a fix for this vulnerability.