Skip to content

fix: Stored XSS via malformed Content-Type bypassing file upload extension blocklist (GHSA-r899-h629-j84r)#10521

Merged
mtrezza merged 3 commits into
parse-community:alphafrom
mtrezza:fix/GHSA-r899-h629-j84r-v9
Jun 25, 2026
Merged

fix: Stored XSS via malformed Content-Type bypassing file upload extension blocklist (GHSA-r899-h629-j84r)#10521
mtrezza merged 3 commits into
parse-community:alphafrom
mtrezza:fix/GHSA-r899-h629-j84r-v9

fix: GHSA-r899-h629-j84r

a221f9f
Select commit
Loading
Failed to load commit list.
Refresh
Codecov / codecov/project succeeded Jun 25, 2026 in 0s

92.66% (+0.00%) compared to 4d3465c

View this Pull Request on Codecov

92.66% (+0.00%) compared to 4d3465c

Details

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.66%. Comparing base (4d3465c) to head (a221f9f).

Additional details and impacted files 
@@           Coverage Diff           @@
##            alpha   #10521   +/-   ##
=======================================
  Coverage   92.66%   92.66%           
=======================================
  Files         193      193           
  Lines       16971    16981   +10     
  Branches      248      248           
=======================================
+ Hits        15726    15736   +10     
  Misses       1224     1224           
  Partials       21       21

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
View more details on Codecov