Rowboatlabs · Rowboat · CVE-2025-7115
Name of the Vulnerable Software and Affected Versions:
rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97
Description:
A critical issue has been found, affecting the function `PUT` of the file `apps/rowboat/app/api/uploads/[fileId]/route.ts` in the Session Handler component. The manipulation of the `params` argument leads to missing authentication, allowing for remote attacks. The product uses continuous delivery with rolling releases, so no specific version details of affected or updated releases are available. It is expected that this issue will be fixed in the near future.
Recommendations:
As a temporary workaround, consider disabling the `PUT` function in the `apps/rowboat/app/api/uploads/[fileId]/route.ts` file until a fix is available. Restrict access to the `Session Handler` component to minimize the risk of exploitation. Avoid using the `params` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
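The sketch below is an added example, not Rowboat's code or its fix. It shows the decision a guard in front of the `PUT` upload route has to make: the workaround switch, then authentication, then validation and authorization of the route parameter. The session store, ownership table, bearer-token scheme, and all function and constant names are assumptions made for illustration.

```typescript
// Added example: every name here is hypothetical; this is not Rowboat's code.
type Decision = { status: number; reason: string };

// Constructed sample data standing in for a session store and file ownership records.
const SESSIONS: Record<string, string> = { "tok-alice": "alice", "tok-bob": "bob" };
const FILE_OWNERS: Record<string, string> = { "file-1": "alice" };

const UPLOAD_ROUTE = /^\/api\/uploads\/([^\/]+)$/;
const FILE_ID = /^[A-Za-z0-9_-]{1,64}$/;
const BEARER = /^Bearer ([A-Za-z0-9._~+\/-]+)$/;

// Own-property lookup so keys such as "__proto__" or "constructor" never match.
function lookup(table: Record<string, string>, key: string): string | undefined {
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : undefined;
}

// Decide whether a PUT to the upload route may proceed.
// putEnabled = false models the temporary workaround of switching PUT off.
function decidePut(path: string, authorization: string | null, putEnabled: boolean): Decision {
  const route = UPLOAD_ROUTE.exec(path);
  if (!route) return { status: 404, reason: "not the upload route" };
  if (!putEnabled) return { status: 405, reason: "PUT disabled" };

  // Authenticate first, so anonymous callers learn nothing about file ids.
  const bearer = BEARER.exec(authorization || "");
  const userId = bearer ? lookup(SESSIONS, bearer[1] || "") : undefined;
  if (!userId) return { status: 401, reason: "no valid session" };

  // The route parameter is caller-controlled input: validate its shape...
  const fileId = route[1] || "";
  if (!FILE_ID.test(fileId)) return { status: 400, reason: "malformed fileId" };

  // ...then authorize it against the authenticated user.
  if (lookup(FILE_OWNERS, fileId) !== userId) return { status: 403, reason: "not the file owner" };
  return { status: 200, reason: "allowed" };
}
```

In a real route handler the same ordering applies: the session check runs before any code reads the file id from `params`.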