starred/tinyfilemanager

Fork 0

mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2026-04-26 10:55:56 +03:00

[GH-ISSUE #555] 🚨 Potential Security Vulnerability #401

New issue

Closed

opened 2026-03-02 15:58:29 +03:00 by kerem · 10 comments

kerem commented

2026-03-02 15:58:29 +03:00

Owner

Originally created by @ranjit-git on GitHub (May 23, 2021).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/555

Hello, @prasathmani - 5 potential high severity security vulnerability in your repository has been disclosed to huntr.

Visit report url and validate them
https://www.huntr.dev/bounties/6-other-prasathmani/tinyfilemanager/
https://www.huntr.dev/bounties/7-other-prasathmani/tinyfilemanager/
https://www.huntr.dev/bounties/8-other-prasathmani/tinyfilemanager/
https://www.huntr.dev/bounties/9-other-prasathmani/tinyfilemanager/
https://www.huntr.dev/bounties/10-other-prasathmani/tinyfilemanager/

Originally created by @ranjit-git on GitHub (May 23, 2021). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/555 Hello, @prasathmani - 5 potential high severity security vulnerability in your repository has been disclosed to huntr. Visit report url and validate them [https://www.huntr.dev/bounties/6-other-prasathmani/tinyfilemanager/](https://www.huntr.dev/bounties/6-other-prasathmani/tinyfilemanager/) [https://www.huntr.dev/bounties/7-other-prasathmani/tinyfilemanager/](https://www.huntr.dev/bounties/7-other-prasathmani/tinyfilemanager/) [https://www.huntr.dev/bounties/8-other-prasathmani/tinyfilemanager/](https://www.huntr.dev/bounties/8-other-prasathmani/tinyfilemanager/) [https://www.huntr.dev/bounties/9-other-prasathmani/tinyfilemanager/](https://www.huntr.dev/bounties/9-other-prasathmani/tinyfilemanager/) [https://www.huntr.dev/bounties/10-other-prasathmani/tinyfilemanager/](https://www.huntr.dev/bounties/10-other-prasathmani/tinyfilemanager/)

kerem

2026-03-02 15:58:29 +03:00

closed this issue
added the
Security
label

kerem commented

2026-03-02 15:58:30 +03:00

Author

Owner

@zer0h-bb commented on GitHub (May 25, 2021):

Hi @prasathmani, two other vulnerabilities were found in your repo, please check :

@zer0h-bb commented on GitHub (May 25, 2021): Hi @prasathmani, two other vulnerabilities were found in your repo, please check : - https://huntr.dev/bounties/4-other-prasathmani/tinyfilemanager/ - https://huntr.dev/bounties/5-other-prasathmani/tinyfilemanager/ Best regards,

kerem commented

2026-03-02 15:58:30 +03:00

Author

Owner

@x3rz commented on GitHub (May 30, 2021):

Hello @prasathmani, one more vulnerability was found in your code, visit and do check it.
https://www.huntr.dev/bounties/11-other-prasathmani/tinyfilemanager/

@x3rz commented on GitHub (May 30, 2021): Hello @prasathmani, one more vulnerability was found in your code, visit and do check it. https://www.huntr.dev/bounties/11-other-prasathmani/tinyfilemanager/

kerem commented

2026-03-02 15:58:30 +03:00

Author

Owner

@ranjit-git commented on GitHub (Jan 5, 2022):

Hello, i see it has been 6 month since bug reported and still many of them are not validated .
As fix taking long time so you can validate the report now and when patch is ready then you can confirm the fix also .
Huntr team did not proccessed the bounty to reporter untill it validated.
We invest our time to secure opensource project and report potential security vulnerability to huntr responsively .
If maintainer validate them then reporter gets bounty and it will encourage us to make opensource project a safer place .
Thanks

@ranjit-git commented on GitHub (Jan 5, 2022): Hello, i see it has been 6 month since bug reported and still many of them are not validated . As fix taking long time so you can validate the report now and when patch is ready then you can confirm the fix also . Huntr team did not proccessed the bounty to reporter untill it validated. We invest our time to secure opensource project and report potential security vulnerability to huntr responsively . If maintainer validate them then reporter gets bounty and it will encourage us to make opensource project a safer place . Thanks

kerem commented

2026-03-02 15:58:30 +03:00

Author

Owner

@michael-milette commented on GitHub (Feb 5, 2022):

Have the security issues reported in CVE-2021-40965 5 months ago been addressed yet?

For more information, please see: https://www.cvedetails.com/cve/CVE-2021-40965/

@michael-milette commented on GitHub (Feb 5, 2022): Have the security issues reported in CVE-2021-40965 5 months ago been addressed yet? For more information, please see: https://www.cvedetails.com/cve/CVE-2021-40965/

kerem commented

2026-03-02 15:58:30 +03:00

Author

Owner

@prasathmani commented on GitHub (Feb 5, 2022):

not actively contributing now, will fix all this in future release

@prasathmani commented on GitHub (Feb 5, 2022): not actively contributing now, will fix all this in future release

kerem commented

2026-03-02 15:58:30 +03:00

Author

Owner

@prasathmani commented on GitHub (Feb 12, 2022):

fix to path traversal vulnerability #718. by @joaogmauricio

@prasathmani commented on GitHub (Feb 12, 2022): fix to path traversal vulnerability #718. by @joaogmauricio

kerem commented

2026-03-02 15:58:30 +03:00

Author

Owner

@ranjit-git commented on GitHub (Feb 12, 2022):

Hello, @prasathmani - 5 potential high severity security vulnerability in your repository has been disclosed to huntr.

Visit report url and validate them https://www.huntr.dev/bounties/6-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/7-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/8-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/9-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/10-other-prasathmani/tinyfilemanager/

@prasathmani
Can you plz validate/invalidate those report in huntr so that huntr can give bounty?

@ranjit-git commented on GitHub (Feb 12, 2022): > Hello, @prasathmani - 5 potential high severity security vulnerability in your repository has been disclosed to huntr. > > Visit report url and validate them https://www.huntr.dev/bounties/6-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/7-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/8-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/9-other-prasathmani/tinyfilemanager/ https://www.huntr.dev/bounties/10-other-prasathmani/tinyfilemanager/ @prasathmani Can you plz validate/invalidate those report in huntr so that huntr can give bounty?

kerem commented

2026-03-02 15:58:31 +03:00

Author

Owner

@x3rz commented on GitHub (Feb 12, 2022):

Not only these but all mentioned report
thanks

@x3rz commented on GitHub (Feb 12, 2022): Not only these but all mentioned report thanks

kerem commented

2026-03-02 15:58:31 +03:00

Author

Owner

@prasathmani commented on GitHub (Nov 19, 2022):

This issue is addressed in the new release.

@prasathmani commented on GitHub (Nov 19, 2022): This issue is addressed in the new [release](https://github.com/prasathmani/tinyfilemanager/releases/tag/2.5.0).

kerem commented

2026-03-02 15:58:31 +03:00

Author

Owner

@michael-milette commented on GitHub (Nov 21, 2022):

Thank you @prasathmani !

@michael-milette commented on GitHub (Nov 21, 2022): Thank you @prasathmani !