[MEDIUM] Reflected file download vulnerability

PKSA-s2bq-yz6z-7q3q CVE-2016-3168 GHSA-qqxc-cppg-4xp8

Affected package: drupal/drupal

Affected version: >=8.0,<8.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub