
AIKIDO-2025-10491

drupal/stage_file_proxy is vulnerable to Denial of Service (DoS)

Denial of Service (DoS) | CVE-2025-3734 | Published Jul 22, 2025

50

Medium Risk

This Affects:

PHP: drupal/stage_file_proxy
1.0.0 - 3.1.4
Fixed in 3.1.5

TL;DR

Affected versions of this package are vulnerable to a Denial of Service (DoS) attack. The module doesn't sufficiently validate the existence of remote files prior to attempting to download and create them. An attacker could send many requests and exhaust disk resources. This vulnerability is mitigated by the fact it only affects sites where the Origin is configured with a trailing slash.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/stage_file_proxy is vulnerable to Denial of Service (DoS) in versions 1.0.0 - 3.1.4.

How to fix this

Upgrade the drupal/stage_file_proxy library to the patched version, 3.1.5. Sites that cannot upgrade immediately can mitigate the issue by confirming that the configured Origin does not end with a trailing slash, or by removing the trailing slash if it does.
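
The two conditions above (a locked version in 1.0.0 - 3.1.4 and an Origin ending in a slash) can be checked together. The script below is an added example, not code from the advisory or from the module; it assumes the version is read from `composer.lock` and that the Origin appears as an `origin:` line in exported configuration text, and the sample inputs are constructed.

```python
import json
import re

PACKAGE = "drupal/stage_file_proxy"
AFFECTED_MIN, AFFECTED_MAX = (1, 0, 0), (3, 1, 4)  # range stated in the advisory


def locked_version(lock_text):
    """Return the locked version of PACKAGE (prod or dev section), or None if absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == PACKAGE:
                return pkg.get("version")
    return None


def version_tuple(raw):
    """'3.1.4' or 'v3.1.4-rc1' -> (3, 1, 4); None for branch aliases such as '3.x-dev'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", raw or "")
    return tuple(int(g) for g in m.groups()) if m else None


def origin_from_yaml(yaml_text):
    """Extract the value of an 'origin: <url>' line (assumed config layout)."""
    m = re.search(r"^origin:[ \t]*['\"]?(.*?)['\"]?[ \t]*$", yaml_text, re.MULTILINE)
    return m.group(1) if m else ""


def assess(lock_text, yaml_text):
    raw = locked_version(lock_text)
    if raw is None:
        return "not installed"
    ver = version_tuple(raw)
    if ver is None:
        return "unknown version, check manually"
    if not (AFFECTED_MIN <= ver <= AFFECTED_MAX):
        return "outside affected range"
    if origin_from_yaml(yaml_text).endswith("/"):
        return "affected: upgrade to 3.1.5 or remove the trailing slash"
    return "in affected range, origin has no trailing slash"


# Constructed sample inputs (not taken from any real site).
SAMPLE_LOCK = '{"packages-dev": [{"name": "drupal/stage_file_proxy", "version": "3.1.4"}]}'
SAMPLE_CONFIG = "origin: 'https://prod.example.com/'\norigin_dir: sites/default/files\n"

if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_CONFIG))
```

A site reported as "in affected range, origin has no trailing slash" still runs a vulnerable version and should be upgraded when possible.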