CWE-434 Unrestricted File Upload
What this means
SiteShadow flagged a file upload flow where the system accepts files without strong validation and isolation. Attackers can upload unexpected file types, oversized files, or content designed to be executed or served back to users.
Why it matters
Attackers can upload executable content or malware.
- RCE risk if uploaded files can be executed (e.g., server-side scripts) or parsed unsafely.
- Stored XSS if user-uploaded HTML/SVG is served back without sanitization.
- DoS / cost blowups from huge uploads or decompression bombs.
Safer examples
1) Use strict allowlists (type + content)
- Validate MIME type and file signatures (not just extension).
- Allowlist specific types (e.g., image/png, image/jpeg).
2) Store uploads safely
- Store outside the web root.
- Use random filenames and separate buckets/containers per risk level.
- Serve via a dedicated file service with correct Content-Type and Content-Disposition headers.
3) Enforce size limits and scanning
- Request size limits
- Antivirus/malware scanning for certain workflows
- Strip metadata for images when appropriate
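The three steps above combined into one upload handler, as an added example that is not SiteShadow's own code: it enforces a size limit, allowlists the declared type, checks the file signature, stores the file under a random name outside the web root, and fixes the headers used when serving it back. The accepted types, the size limit and the storage path are assumptions.

```python
import os
import secrets
from pathlib import Path

# Allowlist: declared MIME type -> (expected file signature, stored extension).
# The types, size limit and storage path are this example's assumptions.
ALLOWED_TYPES = {
    "image/png": (b"\x89PNG\r\n\x1a\n", ".png"),
    "image/jpeg": (b"\xff\xd8\xff", ".jpg"),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024          # 5 MiB body limit
UPLOAD_ROOT = Path("/var/app/uploads")       # outside the web root


class UploadRejected(ValueError):
    """Raised when an upload fails a check; the message names the check."""


def validate_upload(declared_type: str, data: bytes) -> str:
    """Return the extension to store under, or raise UploadRejected.
    Order: size, allowlist, then signature (catches a script renamed to .png)."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("too large")
    if declared_type not in ALLOWED_TYPES:
        raise UploadRejected("type not allowed")
    magic, ext = ALLOWED_TYPES[declared_type]
    if not data.startswith(magic):
        raise UploadRejected("content does not match declared type")
    return ext


def store_upload(declared_type: str, data: bytes, root: Path = UPLOAD_ROOT) -> Path:
    """Validate, then write under a random server-chosen name (client name ignored)."""
    ext = validate_upload(declared_type, data)
    dest = root / (secrets.token_hex(16) + ext)
    root.mkdir(parents=True, exist_ok=True)
    # O_EXCL: never overwrite an existing file; 0o600: readable, not executable.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return dest


def response_headers(declared_type: str, stored_name: str) -> dict:
    """Headers for serving a stored file: fixed type, download, no sniffing."""
    return {
        "Content-Type": declared_type,
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
    }
```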
How SiteShadow detects it (high level)
- Identifies upload handlers and checks for missing allowlists, missing size limits, and risky file serving patterns.
- Flags when uploaded content is served directly back to users without safety controls.
References
- CWE-434: https://cwe.mitre.org/data/definitions/434.html