psitransfer@2.0.0 vulnerabilities

Simple open source self-hosted file sharing solution

latest version

2.2.0
latest non vulnerable version

2.2.0
first published

5 years ago
latest version published

7 months ago
licenses detected
- BSD-2-Clause
  >=0
View psitransfer package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the psitransfer package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Unrestricted Upload of File with Dangerous Type psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type on the endpoint, which allows users to create a path for uploading a file in a file distribution. An attacker can influence those users who access the file distribution subsequently and insert files with malicious or phishing content by adding arbitrary files to the distribution. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade `psitransfer` to version 2.2.0 or higher.	<2.2.0
M Unrestricted Upload of File with Dangerous Type psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the absence of restrictions on the endpoint designed for uploading files, an attacker who has received the id of a file distribution can alter the files within this distribution. Note: This vulnerability enables an attacker to affect those users who access the file distribution subsequently, potentially slipping in files with malicious or phishing content. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade `psitransfer` to version 2.2.0 or higher.	<2.2.0
M Unrestricted Upload of File with Dangerous Type psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the absence of restrictions on the endpoint, which allows the creation of a path for uploading a file in a file distribution. An attacker can add arbitrary files to the distribution by sending a POST request to `/files` with a specific `Upload-Metadata` header followed by a PATCH request to `/files/{id}` with arbitrary content. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade `psitransfer` to version 2.2.0 or higher.	<2.2.0
M Unrestricted Upload of File with Dangerous Type psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the absence of restrictions on the endpoint designed for uploading files. An attacker who receives the id of a file distribution can alter the files within this distribution by sending a `PATCH` request with arbitrary content. This modification allows the attacker to append malicious or phishing content to the end of the original file, impacting users who access the file distribution subsequently. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade `psitransfer` to version 2.2.0 or higher.	<2.2.0

Go back to all versions of this package

psitransfer@2.0.0 vulnerabilities

Simple open source self-hosted file sharing solution

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities