VYPR

npm package

psitransfer

pkg:npm/psitransfer

Vulnerabilities (3)

  • CVE-2026-41180HigApr 23, 2026
    affected < 2.4.3fixed 2.4.3

    PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later writes using the decoded `req.param

  • CVE-2024-31454MedApr 9, 2024
    affected < 2.2.0fixed 2.2.0

    PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distrib

  • CVE-2024-31453MedApr 9, 2024
    affected < 2.2.0fixed 2.2.0

    PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. T