VYPR

Go modules package

github.com/stefanprodan/podinfo

pkg:golang/github.com/stefanprodan/podinfo

Vulnerabilities (1)

  • CVE-2025-70849Feb 3, 2026
    affected < 1.8.1-0.20260314125853-83deb7fcb742fixed 1.8.1-0.20260314125853-83deb7fcb742

    Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation