nuxt-file-storage icon indicating copy to clipboard operation
nuxt-file-storage copied to clipboard
verified publisher icon NyllRE

getFileLocally() allows for path traversal attacks

Open phantomeye1931 opened this issue 2 months ago • 1 comments

I think it wise to add protection against path traversal attacks directly into nuxt-file-storage, as currently filenames such as ../.env are allowed and could be used to break out of the file folder.

phantomeye1931 avatar Oct 26 '25 15:10 phantomeye1931

this seems like a very important suggestion. I'll look into fixing it soon thanks for the report

NyllRE avatar Nov 01 '25 04:11 NyllRE