The Precious module in gollum prior to 4.0.1 allows remote malicious users to read arbitrary files by leveraging the lack of a certain temporary-file check.
gollum project gollum