@schestowitz That php-fpm/nginx issue (or a misconfiguration issue, depending on how to look at it) got branded?..
The issue did get my attention when I learnt of it, but I never thought of it as *that* interesting, albeit maybe embarrassing for PHP: it's a continuation of the 2010 php-fpm bug of a similar nature; the mitigation is also the same: don't pass to php-fpm filenames you don't know exist. Everything I've configured wasn't affected at all.
https://loadaverage.org/url/5777090 – here it also doesn't sound serious at all.
Ugh, just update PHP already and/or harden the nginx configuration.