2 matches found
CVE-2025-65112
PubNet is a self-hosted Dart/Flutter package service. CVE-2025-65112 concerns the /api/storage/upload endpoint, which prior to version 1.1.3 allowed unauthenticated users to upload packages using arbitrary author-id values, enabling identity spoofing and privilege escalation. Public advisories fr...
PT-2025-48350
Name of the Vulnerable Software and Affected Versions PubNet versions prior to 1.1.3 Description PubNet is a self-hosted Dart & Flutter package service. The /api/storage/upload endpoint allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enabl...