Primary

Context

Outline Local File Storage CSP Bypass Vulnerability

Vulnerability

Patched

A vulnerability exists in Outline versions 0.72.0 through 0.83.0, allowing a Content Security Policy (CSP) bypass through the local file storage feature. When self-hosted with FILE_STORAGE set to local, a malicious payload can be uploaded as a file attachment, bypassing CSP restrictions and enabling script execution in the context of another user.

Impact

Exploitation of this vulnerability allows for a CSP bypass and ContentType bypass, potentially leading to unauthorized script execution within another user's context.

Remediation

Users can upgrade to Outline version 0.84.0, which includes the necessary CSP protections. Alternatively, self-hosted instances can apply a workaround by ensuring the 'files.get' endpoint responses include the 'Content-Security-Policy: sandbox' header, using a proxy in front of Outline.

Added: Sep 3, 2025, 4:28 AM

Updated: Sep 3, 2025, 4:28 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

5.8

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

5.8

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Outline Local File Storage CSP Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Outline

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating