Vulnerability	Vulnerable Version
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) via the `filter` parameter in the Recent Uploads page. An attacker can cause the server to become unresponsive by submitting specially crafted regular expressions. Note: This is exploitable if the Recent Uploads feature is enabled (which is the default). How to fix Denial of Service (DoS)? Upgrade `copyparty` to version 1.18.9 or higher.	[,1.18.9)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `filter` parameter in the recent uploads page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious URL containing a specially crafted `filter` value. How to fix Cross-site Scripting (XSS)? Upgrade `copyparty` to version 1.18.7 or higher.	[,1.18.7)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via the filter parameter in the Recent Uploads page. An attacker can cause the server to become unresponsive by submitting specially crafted regular expressions.

Note: This is exploitable if the Recent Uploads feature is enabled (which is the default).

How to fix Denial of Service (DoS)?

Upgrade copyparty to version 1.18.9 or higher.

[,1.18.9)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the filter parameter in the recent uploads page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious URL containing a specially crafted filter value.

How to fix Cross-site Scripting (XSS)?

Upgrade copyparty to version 1.18.7 or higher.

[,1.18.7)

Go back to all versions of this package