Advisory 2023-06/03 Denial of Service Vulnerability

Vulnerability typeRegular expression denial of service attack vulnerability
Severity factors

This vulnerability has a CVSS score of 7.5 with a high severity rating.

Versions affectedFileCloud Versions 22.1 and earlier
Version fixedFileCloud Version 23.1 and later


In versions of the http-cache semantics node module lower that 4.1.1, malicious header values could be sent to the server. 


These vulnerabilities have been fixed in FileCloud version, which uses a newer version of the JS library to build the user interface.

What you should do to fix this vulnerability

  • If you are using FileCloud Server, it is recommended that you update to the latest version, which is or greater. This will resolve the issue.
  • If you are using FileCloud Online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.