The /get-patch endpoint processes a purchase in two separate database queries: a SELECT that verifies the token is unused, followed by an UPDATE that marks the token as used. Because SQLite only guards each statement, a malicious actor can issue two requests at the exact same moment and have both SELECT statements succeed before either UPDATE runs.
A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this version. They could allow a malicious actor to read arbitrary files from the server, download paid patches without completing a valid purchase, and weaken the protection of encrypted patches. All users who have installed or generated a taysell-server using version 7.0.7 of taylored …