CVE-2025-49135: Cvat Missing Tusfile Validation
Missing ownership validation for locally uploaded TUS files during resource import. This allows an attacker to specify a file ID belonging to another user and import their data. Ensure that the referenced `TusFile` is validated against the current user's ID to prevent Insecure Direct Object Reference (IDOR).
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
Python
Pythongreprules fetch cve-2025-49135-cvat-missing-tusfile-validation --engine opengrepDescription
Missing ownership validation for locally uploaded TUS files during resource import. This allows an attacker to specify a file ID belonging to another user and import their data. Ensure that the referenced `TusFile` is validated against the current user's ID to prevent Insecure Direct Object Reference (IDOR).
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0