Advisories for Npm/Psitransfer package

2024

PsiTransfer: Violation of the integrity of file distribution

Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. Details Vulnerable endpoint: POST /files

PsiTransfer: File integrity violation

The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution.