
Commit 4e18341

Merge pull request #5759 from Countly/johnWeak-master
Add session check to formdata
2 parents b13fd02 + aff4668 commit 4e18341


2 files changed

+7
-0
lines changed


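--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,9 @@ Enterprise fixes:
 - [nps] Fixed bug in the editor where the "internal name" field was not mandatory
 - [ratings] Fixed UI bug where "Internal name" was not a mandatory field
 
+Security:
+- Fixing minor vulnerability that would allow for unauthorized file upload
+
 ## Version 24.05.16
 Fixes:
 - [core] Replaced "Users" with "Sessions" label on technology home widgets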

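--- a/frontend/express/app.js
+++ b/frontend/express/app.js
@@ -603,6 +603,10 @@ Promise.all([plugins.dbConnection(countlyConfig), plugins.dbConnection("countly_
 app.use(function(req, res, next) {
 var contentType = req.headers['content-type'];
 if (req.method.toLowerCase() === 'post' && contentType && contentType.indexOf('multipart/form-data') >= 0) {
+if (!req.session?.uid || Date.now() > req.session?.expires) {
+res.status(401).send('Unauthorized');
+return;
+}
 var form = new formidable.IncomingForm();
 form.uploadDir = __dirname + '/uploads';
 form.parse(req, function(err, fields, files) {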
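Review bot: The expiry half of the new guard at new line 606 fails open when `req.session.expires` is missing or not a number, because `Date.now() > undefined` evaluates to false and a session that has a `uid` but no `expires` still reaches `formidable`. If every logged-in session is expected to carry `expires` (not visible in this hunk), write the comparison so a missing value is rejected, `if (!req.session?.uid || !(Date.now() <= req.session.expires)) {`; if sessions without a timeout are legitimate, say so in a comment above the check. The guard also only establishes that some user is logged in, so any authenticated account can still have files written to `uploads` on any multipart POST, and whatever permission checks the routes apply presumably run only after parsing; a comment such as `// authentication only: route-level permission checks run after the form is parsed` would make that limit explicit. The middleware body continues past the end of the hunk.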
