Go modules package
github.com/stefanprodan/podinfo
pkg:golang/github.com/stefanprodan/podinfo
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-70849 | — | < 1.8.1-0.20260314125853-83deb7fcb742 | 1.8.1-0.20260314125853-83deb7fcb742 | Feb 3, 2026 | Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation |
- CVE-2025-70849Feb 3, 2026affected < 1.8.1-0.20260314125853-83deb7fcb742fixed 1.8.1-0.20260314125853-83deb7fcb742
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation