mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.