Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-23 02:40:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fix SECURITY ISSUE 5: Attachment API uses bearer value as userId and DoS (Low).

Browse source 
Thanks to Siam Thanat Hack (STH) and xet7 !
This commit is contained in:
Lauri Ojansivu 2025-11-02 11:42:07 +02:00
parent 0a1a075f31
commit ccd9034339
4 changed files with 312 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/lib/tests/index.js
View file

@ -3,3 +3,4 @@ import './users.security.tests';
import './boards.security.tests';
import './cards.security.tests';
import './cards.methods.tests';
import './attachmentApi.tests';