psitransfer@2.0.1 vulnerabilities

Simple open source self-hosted file sharing solution

Direct Vulnerabilities

Known vulnerabilities in the psitransfer package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Unrestricted Upload of File with Dangerous Type

psitransfer is a simple open source self-hosted file sharing solution.

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type on the endpoint, which allows users to create a path for uploading a file in a file distribution. By adding arbitrary files to the distribution, an attacker can insert files with malicious or phishing content and so affect users who subsequently access the file distribution.

How to fix Unrestricted Upload of File with Dangerous Type?

Upgrade psitransfer to version 2.2.0 or higher.

Vulnerable versions: <2.2.0
  • M
Unrestricted Upload of File with Dangerous Type

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the absence of restrictions on the endpoint designed for uploading files. An attacker who has received the id of a file distribution can alter the files within this distribution.

Note: This vulnerability enables an attacker to affect those users who access the file distribution subsequently, potentially slipping in files with malicious or phishing content.

How to fix Unrestricted Upload of File with Dangerous Type?

Upgrade psitransfer to version 2.2.0 or higher.

Vulnerable versions: <2.2.0
  • M
Unrestricted Upload of File with Dangerous Type

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the absence of restrictions on the endpoint, which allows the creation of a path for uploading a file in a file distribution. An attacker can add arbitrary files to the distribution by sending a POST request to /files with a specific Upload-Metadata header followed by a PATCH request to /files/{id} with arbitrary content.

How to fix Unrestricted Upload of File with Dangerous Type?

Upgrade psitransfer to version 2.2.0 or higher.

Vulnerable versions: <2.2.0
  • M
Unrestricted Upload of File with Dangerous Type

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the absence of restrictions on the endpoint designed for uploading files. An attacker who receives the id of a file distribution can alter the files within this distribution by sending a PATCH request with arbitrary content. This modification allows the attacker to append malicious or phishing content to the end of the original file, impacting users who access the file distribution subsequently.

How to fix Unrestricted Upload of File with Dangerous Type?

Upgrade psitransfer to version 2.2.0 or higher.

Vulnerable versions: <2.2.0