PT-2021-23398 · Xstream · Stream

Omriinbar · Published 2021-09-29 · Updated 2021-10-03 · CVE-2021-41764

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Streama versions up to and including 1.10.3
Description: A cross-site request forgery (CSRF) vulnerability exists in the application. The application performs no CSRF checks on state-changing actions such as uploading local files. As a result, an attacker could make a logged-in administrator upload arbitrary local files via a CSRF attack and have them sent to the attacker.
Recommendations: For versions up to and including 1.10.3, consider implementing CSRF checks for actions such as uploading local files to prevent exploitation. As a temporary workaround, restrict access to the file upload functionality until a patch is available, and avoid using the file upload feature in the affected application until the issue is resolved.
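The kind of CSRF check the recommendation refers to, as an added illustration that is not Streama's code or the upstream fix: a per-session synchronizer token is minted for the upload form and verified (constant-time) before the upload handler touches any file, with an Origin allow-list as defence in depth. The request/session dicts and the `media.example.internal` origin are constructed stand-ins for a real framework's objects.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed value: the application's own origin(s); a cross-site page cannot
# forge this header and cannot read the token embedded in the legitimate form.
ALLOWED_ORIGINS = {"https://media.example.internal"}
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: dict) -> str:
    """Mint a fresh per-session token, store it server-side, and return it for the form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_check_passes(session: dict, request: dict) -> bool:
    """True only if a state-changing request carries the session's token and a trusted Origin.

    `request` is a plain dict with keys 'method', 'headers' and 'form' (hypothetical
    stand-in for a framework request). Safe methods are waved through because they
    must not change state; everything else needs the token that only our own page has.
    """
    if request["method"] not in UNSAFE_METHODS:
        return True
    expected = session.get("csrf_token")
    supplied = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    # Defence in depth: browsers attach Origin to cross-site POSTs, so a present
    # but foreign Origin is rejected even if a token somehow leaked.
    origin = request["headers"].get("Origin")
    if origin is None:
        return True  # some clients strip it; the token check above already passed
    parts = urlsplit(origin)
    return f"{parts.scheme}://{parts.netloc}" in ALLOWED_ORIGINS


def handle_local_file_upload(session: dict, request: dict) -> tuple:
    """Upload handler with the CSRF gate applied before any file path is even read."""
    if not csrf_check_passes(session, request):
        return 403, "CSRF check failed"
    path = request["form"].get("path", "")
    # Actual file import is elided; this is the point at which the vulnerable
    # version would already be reading the administrator's local file.
    return 200, f"would import {path!r}"
```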

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2021-41764

Affected Products: Stream