Maen08

**Name of the Vulnerable Software and Affected Versions** File Browser version 2.38.0 **Description** File Browser provides a file managing interface for managing files within a specified directory, including upload, delete, preview, rename, and edit functionalities. A denial-of-service issue exists in the file processing logic when reading a file on the `/files/{file-name}` endpoint. The server attempts to load the entire file content into memory during read operations without size checks or resource limits. This allows an authenticated user to upload a large file and trigger uncontrolled memory consumption on read, potentially crashing the server and making it unresponsive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** File Browser version 2.39.0 **Description** File Browser provides a file managing interface within a specified directory, allowing users to upload, delete, preview, rename, and edit files. The authentication system in version 2.39.0 issues long-lived JWT tokens that remain valid even after a user logs out. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.