-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCVE-2025-26319-FIX.patch
More file actions
25 lines (25 loc) · 1.06 KB
/
CVE-2025-26319-FIX.patch
File metadata and controls
25 lines (25 loc) · 1.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
diff --git a/packages/components/src/storageUtils.ts b/packages/components/src/storageUtils.ts
index 3639553e..4a1165ca 100644
--- a/packages/components/src/storageUtils.ts
+++ b/packages/components/src/storageUtils.ts
@@ -77,7 +77,7 @@ export const addArrayFilesToStorage = async (mime: string, bf: Buffer, fileName:
fileNames.push(sanitizedFilename)
return 'FILE-STORAGE::' + JSON.stringify(fileNames)
} else {
- const dir = path.join(getStoragePath(), ...paths)
+ const dir = path.join(getStoragePath(), paths.map(_sanitizeFilename).join('/'))
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true })
}
diff --git a/packages/server/package.json b/packages/server/package.json
index 72c98c16..01f588eb 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -1,6 +1,6 @@
{
"name": "flowise",
- "version": "2.2.6-hotfix.1",
+ "version": "2.2.6-hotfix.1-patched-26319",
"description": "Flowiseai Server",
"main": "dist/index",
"types": "dist/index.d.ts",