Question: Is the default HestiaCP config affected by the recent Apache 2.4.49/50 bug that is being exploited recently? I’m asking because on my HestiaCP system the (presumably vulnerable) Apache 2.4.49-50 packages from sury.org were used during the last month.
critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)