[MEDIUM] Reflected file download vulnerability

PKSA-cvhr-cpqr-xzbr CVE-2016-3168 GHSA-qqxc-cppg-4xp8

Affected package: drupal/core

Affected version: >=8.0,<8.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub