CVE-2021-45040
A vulnerability (CVE-2021-45040) was reported in Spatie’s Media Library Pro, a Laravel add-on, allowing remote attackers to upload executable files. This happened because the ‘Temporary Upload’ function lacked authentication by default. Other issues include a lack of file name length protection and rate-limiting. Potential solutions include limiting executable file uploads, extending the TemporaryUpload model, and implementing rate limiting. The Laravel Media Library Pro team has since released fixes to address reported issues.
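The mitigations listed above, sketched as an added example for a Laravel application (this is not Spatie's code or the released fix). It assumes the installed Media Library Pro version registers its upload route through the `Route::mediaLibrary()` macro; the middleware class, limiter name, allowlist and limits are hypothetical values chosen for illustration.

```php
<?php
// routes/web.php. Added example: in a real app the middleware class lives in
// app/Http/Middleware and the limiter in a service provider's boot() method.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

// Hypothetical middleware: refuses uploads by client file name before storage.
class RejectRiskyUploads
{
    private const MAX_NAME_LENGTH = 150;                          // assumed cap
    private const ALLOWED = ['jpg', 'jpeg', 'png', 'gif', 'pdf']; // assumed allowlist

    public function handle(Request $request, Closure $next)
    {
        foreach (Arr::flatten($request->allFiles()) as $file) {
            $name = $file->getClientOriginalName();
            // Strict by design: every dot-separated suffix must be allowed, so
            // "shell.php.jpg" is refused (and so is "report.v2.pdf").
            $suffixes = array_slice(explode('.', strtolower($name)), 1);
            $bad = $suffixes === [] || array_diff($suffixes, self::ALLOWED) !== [];
            if (strlen($name) > self::MAX_NAME_LENGTH || $bad) {
                abort(422, 'File name or type not accepted.');
            }
        }
        return $next($request);
    }
}

// Assumed budget: 20 uploads per minute, keyed by user id (or IP as fallback).
RateLimiter::for('temporary-uploads', function (Request $request) {
    return Limit::perMinute(20)->by($request->user()?->id ?: $request->ip());
});

// Weak: upload endpoint reachable without authentication or throttling.
// Route::mediaLibrary();

// Hardened: authenticated users only, throttled, file names checked.
Route::middleware(['auth', 'throttle:temporary-uploads', RejectRiskyUploads::class])
    ->group(function () {
        Route::mediaLibrary();
    });
```

The file name and extension come from the client, so this check complements server-side content validation and does not replace it.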