Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload
Vulnerability Description
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size restriction entirely. Files up to the server's global MaxFileSizeMB are accepted regardless of the file request's configured limit. This vulnerability is fixed in 2.2.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Gokapi 安全漏洞
Vulnerability Description
Gokapi是Marc Bulling个人开发者的一个轻量级的自托管Firefox发送替代方案。 Gokapi 2.2.4之前版本存在安全漏洞,该漏洞源于分块上传完成路径未验证总文件大小,可能导致攻击者绕过大小限制上传超大文件。
CVSS Information
N/A
Vulnerability Type
N/A