CVE-2024-31454: PsiTransfer: File integrity violation

April 5, 2024 (updated April 9, 2024)

The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution.

References

github.com/advisories/GHSA-2p2x-p7wj-j5h2
github.com/psi-4ward/psitransfer
github.com/psi-4ward/psitransfer/commit/0014d81141e0f1664ccb6841970ef1ea0237cca3
github.com/psi-4ward/psitransfer/security/advisories/GHSA-2p2x-p7wj-j5h2
nvd.nist.gov/vuln/detail/CVE-2024-31454

Detect and mitigate CVE-2024-31454 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →