[github.com/dutchcoders/transfer.sh] Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload

dutchcoders Transfer.sh versions 1.4.0 and prior are vulnerable to Cross Site Scripting (XSS) via a malicious document uploaded in transfer.sh. There is a fix commit merged into main for this issue, but an updated version has not yet been released.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-40931
• https://github.com/dutchcoders/transfer.sh/issues/500
• https://github.com/dutchcoders/transfer.sh/pull/501
• https://github.com/advisories/GHSA-pwq7-f7f9-cm2j