Fluid Attacks Database

Description

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload function and max_file_size parameter, dash_uploader/configure_upload.py components

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	dash-uploader	=0.1.0 \|\| =0.1.1 \|\| =0.1.2 \|\| =0.2.0 \|\| =0.2.3 \|\| =0.2.4 \|\| =0.3.0 \|\| =0.3.1 \|\| =0.4.0 \|\| =0.4.1 \|\| =0.4.2 \|\| =0.5.0 \|\| =0.6.0 \|\| =0.6.1 \|\| >=0.1.0 <0.7.0a1	0.7.0a1

Aliases

1. CVE-2026-383612. NVD-2026-383613. OSV-PYSEC-2026-374. OSV-2026-383615. GCVE-2026-38361

References

1. https://docs.python.org/3/library/functions.html#all2. https://github.com/fohrloop/dash-uploader/blob/stable/dash_uploader/httprequesthandler.py3. https://libraries.io/pypi/dash-uploader4. https://pepy.tech/project/dash-uploader5. https://pypistats.org/packages/dash-uploader6. https://github.com/fohrloop/dash-uploader/issues/1537. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-38361.yaml8. https://github.com/a1ohadance/CVE-2026-38361

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.