On October 24, PHP 7.3.11 (current stable) and PHP 7.2.24 (old stable) were released to address this vulnerability along with other scheduled bug fixes. Those using nginx with PHP-FPM are encouraged to upgrade to a patched version as soon as possible.
If patching is not feasible, the suggested workaround is to include checks to verify whether or not a file exists. This is achieved either by including the try_files directive or using an if statement, such as if (-f $uri).
There is a new PHP/nginx vulnerability that might affect docker-bookstack.
PHP bugtracker: https://bugs.php.net/bug.php?id=78599 Exploit PoC: https://github.com/neex/phuip-fpizdam An example vulnerable docker-compose env: https://github.com/vulhub/vulhub/tree/master/php/CVE-2019-11043
The solution according to this article is:
This is how Nextcloud handles the issue: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/