GHSA-7WQV-XJF3-X35V parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist
Impact The default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g. poc.svg.. The trailing dot causes the extension parser to extract an empty string, which short-circuits the blocklist check, and the...