Toeverything AFFiNE 代码注入漏洞

Toeverything AFFiNE is a knowledge management software from Toeverything open source. AFFiNE 0.24.1 and earlier versions suffer from a code injection vulnerability that stems from an unknown code flaw in the Avatar Upload Image Endpoint component, which could lead to a cross-site scripting attack...