In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Arbitrary File Upload vulnerabilities in an interactive lesson.
Start learningUpgrade DotVVM to version 4.2.11, 4.3.15, 5.0.0-preview09-final or higher.
DotVVM is an open source ASP.NET-based framework which allows to build interactive web apps easily by using mostly C# and HTML.
Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload process. An attacker can exhaust disk space by uploading arbitrary files without restriction.
This vulnerability can be mitigated by removing AddUploadedFileStorage or AddDefaultTempStorage from the configuration to temporarily disable file uploads.