GHSA-2rm3-333w-xvc4: DotVVM: Unrestricted file upload

June 19, 2026

All users of DotVVM with configured file upload storage are affected.

DotVVM allows anyone to upload files to the application, potentially causing denial of service by filling the disk.

References

github.com/advisories/GHSA-2rm3-333w-xvc4
github.com/riganti/dotvvm/security/advisories/GHSA-2rm3-333w-xvc4

Code Behaviors & Features

Detect and mitigate GHSA-2rm3-333w-xvc4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →