{"id":"CVE-2021-40886","details":"Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization.","modified":"2026-03-14T11:10:54.460979Z","published":"2021-10-11T11:15:09.590Z","references":[{"type":"EVIDENCE","url":"https://github.com/projectsend/projectsend/issues/993"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/projectsend/projectsend","events":[{"introduced":"0"},{"last_affected":"1ec836a08d8c71d1347cc08552ee7b3bd218f21f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"r1295"}]}}],"versions":["r1053","r1070","r1270","r1295","r559","r753","r754","r756"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40886.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}