Kelvin Yip

**Name of the Vulnerable Software and Affected Versions** Spatie media-library-pro library versions 1.17.10 and earlier Spatie media-library-pro library versions 2.x through 2.1.6 **Description** The issue allows remote attackers to upload executable files via the "uploads route" API endpoint. This can be exploited by attackers to upload malicious files. **Recommendations** For Spatie media-library-pro library versions 1.17.10 and earlier, update to a version later than 1.17.10 to resolve the issue. For Spatie media-library-pro library versions 2.x through 2.1.6, update to a version later than 2.1.6 to resolve the issue. As a temporary workaround, consider restricting access to the "uploads route" API endpoint to minimize the risk of exploitation.