Blue-B

**Name of the Vulnerable Software and Affected Versions** Alienbin versions 1.0.0 and earlier **Description** Alienbin is an anonymous code and text sharing web service. The `/save` API endpoint in the `server.js` file recreates the MongoDB TTL index on the entire post collection with each new paste submission. Submitting a paste with a short TTL value, such as 30 seconds, causes all pastes, including those with longer TTLs (e.g., 7 days), to be deleted after 30 seconds. An attacker can intentionally delete all existing pastes by repeatedly submitting pastes with `ttlOption=30s`. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/save` endpoint until a patch is available.