
Stef Van Esch

#27586 of 53,638
9.3 CVSS total
Vulnerabilities · 1
PT-2025-30309
9.3
2025-07-21
Marshmallow Packages · Nova-Tiptap · CVE-2025-54082
**Name of the Vulnerable Software and Affected Versions**

marshmallow-packages/nova-tiptap versions prior to 5.7.0

**Description**

marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. The `/nova-tiptap/api/file` upload endpoint is registered without the Nova authentication middleware (Nova and Nova.Auth). Combined with a lack of validation on uploaded files and a disk name taken from the request, this allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the application. An attacker can craft a custom form and send a POST request to `/nova-tiptap/api/file`, supplying a valid CSRF token, to upload executable or malicious files (e.g. .php, binaries) to disks such as local, public, or s3. The CSRF token is not an authentication control: Laravel issues one to any session, so this requirement does not restrict the attack to logged-in users. If the chosen disk is served from a publicly accessible path, the attacker may gain the ability to execute or distribute arbitrary files.

**Recommendations**

Update marshmallow-packages/nova-tiptap to version 5.7.0 or later.
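The following is an added illustration of the two weaknesses the advisory describes and of a hardened counterpart; it is hypothetical Laravel route code written for this page, not nova-tiptap's own implementation or its 5.7.0 fix. The route path and the middleware names `nova` and `nova.auth` are taken from the advisory's wording (a real Nova tool would register them through Nova's router); the `disk` and `file` request keys, the `uploads` directory, the allowed disk and type lists and the size limit are assumptions.

```php
<?php
// Added example, not nova-tiptap's code. Assumes a Laravel 9+ application;
// request keys, directory, allowlists and limits below are assumptions.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Storage;
use Illuminate\Validation\Rules\File;

// Weak pattern (what the advisory describes): no auth middleware, the caller
// chooses the disk, and the upload is stored without any validation.
Route::post('/nova-tiptap/api/file', function (Request $request) {
    $disk = $request->input('disk', 'public');               // attacker-controlled
    $path = $request->file('file')->store('uploads', $disk); // no type/size check
    return ['url' => Storage::disk($disk)->url($path)];
});

// Hardened pattern: authenticated Nova users only, a fixed disk allowlist,
// content-based type validation, a size cap, and a server-generated filename.
Route::middleware(['nova', 'nova.auth'])
    ->post('/nova-tiptap/api/file', function (Request $request) {
        $allowedDisks = ['public']; // assumption: the only disk the editor may write to

        $validated = $request->validate([
            'disk' => ['nullable', 'string', 'in:' . implode(',', $allowedDisks)],
            // File::types() validates against the detected MIME type, not the client's
            // filename, so "shell.php" uploaded as image/png is rejected.
            'file' => [
                'required',
                File::types(['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf'])->max(10 * 1024),
            ],
        ]);

        $disk = $validated['disk'] ?? 'public';
        $file = $request->file('file');

        // Never reuse the client's filename. extension() is derived from the
        // detected MIME type (clientExtension() would trust the upload's name).
        $name = bin2hex(random_bytes(16)) . '.' . strtolower($file->extension());
        $path = $file->storeAs('uploads', $name, $disk);

        return ['url' => Storage::disk($disk)->url($path)];
    });
```

When reviewing an installation, check three things independently: that the route is inside the Nova middleware stack, that the disk cannot be chosen by the client, and that validation keys on detected content rather than on the client-supplied name or extension. Any one of these missing leaves a usable upload primitive, and the CSRF token does not compensate for the first.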