Details
-
Bug
-
Status: Closed (View Workflow)
-
High
-
Resolution: Fixed
-
2.3
-
None
Description
An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream