

CVE-2022-4111: fix: add max file size validator for user avatar · ToolJet/ToolJet@01cd3f0

What happens if a botnet starts uploading 100MB files from 100 machines at the same time? This would mean that our network pipes are clogged handling 10GB of data while slowing down our real customers… the answer: the site will go down and become unavailable.


@@ -1,4 +1,13 @@ import { Body, Controller, Post, Patch, UseGuards, UseInterceptors, UploadedFile } from '@nestjs/common’; import { Body, Controller, Post, Patch, UseGuards, UseInterceptors, UploadedFile, BadRequestException, } from '@nestjs/common’; import { Express } from 'express’; import { FileInterceptor } from '@nestjs/platform-express’; import { JwtAuthGuard } from 'src/modules/auth/jwt-auth.guard’;
@@ -7,6 +16,8 @@ import { UsersService } from 'src/services/users.service’; import { User } from 'src/decorators/user.decorator’; import { UpdateUserDto } from '@dto/user.dto’;
const MAX_AVATAR_FILE_SIZE = 1024 * 1024 * 2; // 2MB
@Controller(‘users’) export class UsersController { constructor(private usersService: UsersService) {}
@@ -27,6 +38,10 @@ export class UsersController { @UseGuards(JwtAuthGuard) @UseInterceptors(FileInterceptor(‘file’)) async addAvatar(@User() user, @UploadedFile() file: Express.Multer.File) { // TODO: use ParseFilePipe to validate file size from nestjs v9 if (file.size > MAX_AVATAR_FILE_SIZE) { throw new BadRequestException(‘File size is greater than 2MB’); } return this.usersService.addAvatar(user.id, file.buffer, file.originalname); }
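Review bot: The new size check in addAvatar runs only after FileInterceptor('file') has already received and buffered the whole upload in memory (the handler reads file.buffer), so an oversized body still costs the full bandwidth and memory the commit description worries about before the 400 is sent. Enforce the limit at the multer layer as well, `@UseInterceptors(FileInterceptor('file', { limits: { fileSize: MAX_AVATAR_FILE_SIZE } }))`, which stops consuming the stream once the limit is exceeded (Nest appears to translate multer's limit error into a 413; confirm against the installed version). The guard also dereferences file unconditionally; a request without a file part leaves `file` undefined and `file.size` throws a TypeError that surfaces as a 500 instead of a 400, which `if (!file || file.size > MAX_AVATAR_FILE_SIZE)` would cover. The literal "2MB" in the exception message duplicates the constant and will drift if the limit changes; derive the text from MAX_AVATAR_FILE_SIZE instead. The enclosing UsersController class continues outside the hunk.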
