| Title | zlt2000 https://github.com/zlt2000/microservices-platform <=6.0.0 Unrestricted Upload of File with Dangerous Type (CWE-434) |
|---|---|
| Description | In the latest version 6.0.0, the endpoint /api-user/users/file-anon (file-center service) does not perform any security processing on uploaded files, allowing attackers to upload malicious code to the S3 server. Common attack methods include uploading HTML or PDF files containing malicious JavaScript code to launch XSS or phishing attacks against users. |
| Source | https://github.com/zlt2000/microservices-platform/issues/77 |
| User | ZAST.AI (UID 87884) |
| Submitted | 2025-07-26 03:53 AM (9 months ago) |
| Moderation | 2025-08-10 01:32 PM (15 days later) |
| Status | Accepted |
| VulDB entry | 319375 [zlt2000 microservices-platform up to 6.0.0 FileController.java upload privilege escalation] |
| Points | 18 |