We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a brute-force attack to retrieve the passwords of all accounts in a given instance. This issue has been patched in version 2.34.1.
Reserved 2025-06-24 | Published 2025-06-30 | Updated 2025-06-30 | Assigner GitHub_MCWE-307: Improper Restriction of Excessive Authentication Attempts
CWE-521: Weak Password Requirements
CWE-1392: Use of Default Credentials
github.com/...rowser/security/advisories/GHSA-cm2r-rg7r-p7gg
github.com/...ommit/bf37f88c32222ad9c186482bb97338a9c9b4a93c
Support options