Advisory 2023-06/06 Improper Header Validation

Vulnerability typeInterpretation Conflict
Severity factors

This vulnerability has a CVSS score of 6.5 with a medium severity rating.

Versions affectedFileCloud Versions 22.1 and earlier
Version fixedFileCloud Version 23.1 and later

Description

In versions of the Slim-PSR7 earlier than 1.6.1, an actor could include malicious messages in header names.

These vulnerabilities have been fixed in FileCloud version 23.1.0.22595 which upgrades Slim-PSR7 to version 1.6.1.

What you should do to fix this vulnerability

  • If you are using FileCloud Server, it is recommended that you update to the latest version, which is 23.1.0.22595 or greater. This will resolve the issue.
  • If you are using FileCloud Online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.