PT-2023-23272 · Unknown · Serenity Serene+1

Fabian Densborn

·

Published

2023-04-27

·

Updated

2025-01-31

·

CVE-2023-31285

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Serenity Serene versions prior to 6.7.0
StartSharp versions prior to 6.7.0

Description

A security issue was discovered where users can upload temporary files with certain file endings, such as .html or .htm, that contain a malicious payload. A link to such a file can then be sent to an administrator user; opening it in the browser runs the payload in the application's context, potentially leading to exploitation (cross-site scripting).

Recommendations

For Serenity Serene versions prior to 6.7.0, update to version 6.7.0 or later to resolve the issue.
For StartSharp versions prior to 6.7.0, update to version 6.7.0 or later to resolve the issue.
As a temporary workaround, consider restricting the upload of .html and .htm files to prevent potential exploitation.
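The workaround above amounts to an upload-name policy plus safe serving of stored files. The following is an added illustration of such a policy, not code from the advisory or from the Serenity project: all names (BLOCKED_EXTENSIONS, check_upload_name, download_headers) and the extra extensions beyond .html/.htm are assumptions. It rejects the rendered-content extensions at every position in the name (so "report.html.bak" and "page.htm." are caught, not only the final suffix), normalizes case and path separators, and returns the response headers that stop a browser from rendering a stored temporary file inline even if a blocked name slipped through.

```python
"""Upload-extension policy and download headers for temporary files.

Constructed example for the .html/.htm workaround; assumed names throughout.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass

# Extensions a browser renders as active content when served inline.
# .html and .htm are the ones named in the advisory; the others are
# assumed additions a defender would normally block alongside them.
BLOCKED_EXTENSIONS = frozenset({
    ".html", ".htm", ".xhtml", ".shtml", ".mhtml", ".svg", ".xml", ".js",
})


@dataclass(frozen=True)
class UploadDecision:
    allowed: bool
    normalized_name: str
    reason: str


def normalize_filename(name: str) -> str:
    """Keep only the base name; drop trailing dots/spaces some filesystems ignore."""
    base = posixpath.basename(name.replace("\\", "/"))
    return base.rstrip(". ").strip()


def check_upload_name(name: str) -> UploadDecision:
    """Reject any upload whose name carries a blocked extension at any position."""
    base = normalize_filename(name)
    if not base:
        return UploadDecision(False, base, "empty filename")
    # Inspect every dot-separated suffix, not just the last one, so that
    # double extensions ("invoice.html.bak") are rejected as well.
    parts = base.lower().split(".")
    for ext in ("." + p for p in parts[1:]):
        if ext in BLOCKED_EXTENSIONS:
            return UploadDecision(False, base, f"blocked extension {ext}")
    return UploadDecision(True, base, "ok")


def download_headers(base: str) -> dict[str, str]:
    """Headers for serving a stored temporary file as a download, never inline.

    Quotes are stripped from the name so the Content-Disposition value cannot
    be broken out of by a crafted filename.
    """
    safe = base.replace('"', "").replace("\r", "").replace("\n", "")
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample names; the last three are the evasions the check covers.
    for candidate in ("report.pdf", "page.html", "page.HTM", "invoice.html.bak",
                      "page.htm.", "..\\..\\x.html"):
        print(candidate, "->", check_upload_name(candidate))
```

Both halves matter: the name check stops new .html/.htm temporary files from being stored, and the headers make already-stored files download instead of render, which is what removes the administrator's browser from the attack path.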

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-31285
GHSA-93H6-WX7R-MGFP

Affected Products

Serenity Serene
Startsharp