VYPR
Low severityOSV Advisory· Published Feb 3, 2026· Updated Feb 5, 2026

CVE-2025-70849

CVE-2025-70849

Description

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/stefanprodan/podinfoGo
< 1.8.1-0.20260314125853-83deb7fcb7421.8.1-0.20260314125853-83deb7fcb742

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.