Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Based on experience of the latest security vulnerability (CVE-2023-50164) it would be better to keep uploaded files out of scope of passed parameters.
The idea is to have a dedicated interceptor and *Aware interface instead of using parameter injection as it happens currently.