Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the upload process. An attacker can upload arbitrary files into a user's personal file storage by tricking an authenticated user into visiting a malicious page that submits a forged multipart request...