#AdonisJS

The Lab · 2026-04-22 05:22:36 · GitHub Issues

1. AdonisJS UploadedFile.store() Exposes Critical Security Gap: No Extension or MIME Validation

A critical security vulnerability has been identified in the AdonisJS framework's core file upload handler. The `UploadedFile.store()` method, responsible for saving user-uploaded files to disk, lacks fundamental validation checks, creating a direct path for attackers to upload and execute malicious code on a server. W...

#security #vulnerability #web-framework #file-upload #AdonisJS

Latest Signals (1)

1. AdonisJS UploadedFile.store() Exposes Critical Security Gap: No Extension or MIME Validation