Description
FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.1.12
References
Related Issues
- tarteaucitron Cross-site Scripting (XSS) - CVE-2025-1467
- Cross site scripting in markdown-to-jsx - CVE-2024-21535
- uPlot Prototype Pollution vulnerability - CVE-2024-21489
- FUXA vulnerable to Local File Inclusion - CVE-2023-31716
- Tags:
- npm
- fuxa-server
Anything's wrong? Let us know Last updated on September 25, 2024