mirror of
https://github.com/go-vikunja/vikunja.git
synced 2026-04-24 22:25:15 +00:00
Import metadata is attacker-controlled and can forge a small size to bypass the attachment size limit (GHSA-qh78-rvg3-cv54). Compute the size from the decoded content instead of trusting a.File.Size.
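The difference between trusting the declared size and measuring the decoded content, shown as an added example (not Vikunja's own code). The `importedFile` type, the 1 MiB limit, the function names and the base64 payload encoding are all assumptions made for illustration.

```go
package main
import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Hypothetical limit and record type for illustration; not Vikunja's own code.
const maxAttachmentBytes = 1 << 20 // 1 MiB
var errTooLarge = errors.New("attachment exceeds size limit")
type importedFile struct {
	Size    uint64 // size claimed by the import file (attacker-controlled)
	Content string // payload; base64 encoding is an assumption of this sketch
}

// checkDeclared is the flawed pattern: the limit is applied to the claimed size.
func checkDeclared(f importedFile) error {
	if f.Size > maxAttachmentBytes {
		return errTooLarge
	}
	return nil
}

// measuredSize ignores f.Size and counts decoded bytes, reading at most limit+1.
func measuredSize(f importedFile, limit uint64) (uint64, error) {
	dec := base64.NewDecoder(base64.StdEncoding, strings.NewReader(f.Content))
	n, err := io.Copy(io.Discard, io.LimitReader(dec, int64(limit)+1))
	if err != nil {
		return 0, err
	}
	if uint64(n) > limit {
		return 0, errTooLarge
	}
	return uint64(n), nil
}

// sample builds a constructed record whose claimed size need not match its payload.
func sample(claimed uint64, payloadLen int) importedFile {
	raw := bytes.Repeat([]byte{'A'}, payloadLen)
	return importedFile{Size: claimed, Content: base64.StdEncoding.EncodeToString(raw)}
}

func main() {
	forged := sample(10, 2<<20) // claims 10 bytes, carries 2 MiB
	_, err := measuredSize(forged, maxAttachmentBytes)
	fmt.Println("declared check:", checkDeclared(forged), "| measured check:", err)
}
```

Capping the reader at one byte past the limit rejects an oversized payload without decoding all of it into memory.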
15 KiB