Issue regarding determine uploaded file types on MIME

Question

Issue regarding determine uploaded file types on MIME

nevercodecorrect opened this issue 10 months ago · 3 comments

nevercodecorrect commented 10 months ago

Hi, i played a bit with the project and noticed one potential issue. In this function, the mime type could be manipulated by remote user, hence he could upload any file with a manipulated MIME header. The description of such potential vulnerability is here. One could use magic code to check the uploaded file type rather than rely on the MIME or extension

Answer 1 · 2024-05-19T02:10:26.000Z

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 14 days

Answer 2 · 2024-05-19T14:31:04.000Z

Hello, is there any update?