PT-2026-39904
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.10 Description The Plugin URL upload endpoint "POST /api/plugin" contains a flaw in how it validates submitted URLs. It uses a simple substring check to verify if the url variable contains ".tar.gz", which can b...