Lucene search
K

25 matches found

EUVD
EUVD
added 2026/04/23 12:10 a.m.5 views

EUVD-2026-25150

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

PsiTransfer 路径遍历漏洞

PsiTransfer is a simple, self-hosted file sharing solution developed by Christoph Wiechert. Versions of PsiTransfer prior to 2.4.3 contained a path traversal vulnerability. This vulnerability stemmed from the PATCH upload process, which validated the encoded request paths, but the downstream TUS...

7.5CVSS6.1AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.11 views

PT-2026-34592

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 9:13 p.m.4 views

GHSA-533Q-W4G6-5586 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart

Summary The upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In deployments that use a supported custom PSITRANSFERUPLOADDIR whose basename prefixes a...

7.5CVSS6.1AI score0.00307EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/30 7:25 p.m.3 views

Zip Slip

Overview psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Zip Slip in the archive download functionality in endpoints.js‎. An attacker can write arbitrary files outside the intended extraction directory by uploading files wi...

6.9CVSS7AI score
Exploits0References3
EUVD
EUVD
added 2025/12/30 7:25 p.m.4 views

EUVD-2025-205843

PsiTransfer has Zip Slip Path Traversal via TAR Archive Download...

6.5AI score
Exploits0References4
OSV
OSV
added 2025/12/30 7:25 p.m.5 views

GHSA-XPHH-5V4R-R3RX PsiTransfer has Zip Slip Path Traversal via TAR Archive Download

Summary A Zip Slip vulnerability in PsiTransfer allows an unauthenticated attacker to upload files with path traversal sequences in the filename e.g. ../../../.ssh/authorizedkeys. When a victim downloads the bucket as a .tar.gz archive and extracts it, malicious files are written outside the...

8.1CVSS7.3AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:10 a.m.7 views

CVE-2024-31454

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...

6.5CVSS6.9AI score0.00524EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.8 views

CVE-2024-31453

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...

6.5CVSS6.7AI score0.00524EPSS
Exploits0References1
NVD
NVD
added 2024/04/09 6:15 p.m.9 views

CVE-2024-31454

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...

6.5CVSS6.6AI score0.00524EPSS
Exploits0References2
NVD
NVD
added 2024/04/09 6:15 p.m.17 views

CVE-2024-31453

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...

6.5CVSS6.7AI score0.00524EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 5:19 p.m.22 views

CVE-2024-31454 PsiTransfer file integrity violation vulnerability

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...

6.5CVSS6.7AI score0.00524EPSS
Exploits0References2
CVE
CVE
added 2024/04/09 5:19 p.m.55 views

CVE-2024-31454

PsiTransfer (open-source file sharing) prior to version 2.2.0 is vulnerable due to unrestricted upload-endpoint access, where an attacker who obtains a file distribution id can replace files within that distribution. This leads to integrity violations at the level of individual files, as exposed ...

6.5CVSS6.5AI score0.00524EPSS
Exploits0References2
OSV
OSV
added 2024/04/09 5:19 p.m.14 views

CVE-2024-31454 PsiTransfer file integrity violation vulnerability

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...

6.5CVSS6.6AI score0.00524EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/09 5:19 p.m.14 views

CVE-2024-31454 PsiTransfer file integrity violation vulnerability

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...

6.5CVSS7.2AI score0.00524EPSS
Exploits0References2
CVE
CVE
added 2024/04/09 5:12 p.m.63 views

CVE-2024-31453

PsiTransfer is affected by two CVEs: CVE-2024-31453 and CVE-2024-31454, both prior to version 2.2.0. The issue in CVE-2024-31453 arises from lack of endpoint restrictions that let an attacker push arbitrary files into a file distribution bucket, enabling manipulation of the distribution and poten...

6.5CVSS6.6AI score0.00524EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 5:12 p.m.22 views

CVE-2024-31453 PsiTransfer vulnerable to violation of the integrity of file distribution

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...

6.5CVSS6.8AI score0.00524EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 5:12 p.m.17 views

CVE-2024-31453 PsiTransfer vulnerable to violation of the integrity of file distribution

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...

6.5CVSS7.3AI score0.00524EPSS
Exploits0References2
OSV
OSV
added 2024/04/09 5:12 p.m.19 views

CVE-2024-31453 PsiTransfer vulnerable to violation of the integrity of file distribution

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability...

6.5CVSS6.8AI score0.00524EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

PsiTransfer 安全漏洞

PsiTransfer is a simple open source hosted file sharing solution from the individual developer Christoph Wiechert. A security vulnerability exists in PsiTransfer versions prior to 2.2.0 that stems from an unrestricted endpoint that allows users to create paths to uploaded files in file...

6.5CVSS6.5AI score0.00524EPSS
Exploits0References3
Rows per page
Query Builder