Null Byte Injection in Plug.Static

Plug.Static is used for serving static assets, and is vulnerable to null
byte injection. If file upload functionality is provided, this can allow
users to bypass filetype restrictions.
We recommend all applications that provide file upload functionality and
serve those uploaded files locally with Plug.Static to upgrade immediately
or include the fix below. If uploaded files are rather stored and served
from S3 or any other cloud storage, you are not affected.