{"id":37012622,"url":"https://github.com/basecom/magento2-disable-customer-address-file-upload","last_synced_at":"2026-01-14T01:12:27.921Z","repository":{"id":321430321,"uuid":"1085742611","full_name":"basecom/magento2-disable-customer-address-file-upload","owner":"basecom","description":"A Magento 2 module that disable the customer address file upload endpoint, as it poses a security risk.","archived":false,"fork":false,"pushed_at":"2025-10-29T13:07:25.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-29T16:54:14.326Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/basecom.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-29T13:03:35.000Z","updated_at":"2025-10-29T14:43:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"1634e911-0930-43fb-aa48-6af23554a077","html_url":"https://github.com/basecom/magento2-disable-customer-address-file-upload","commit_stats":null,"previous_names":["basecom/magento2-disable-customer-address-file-upload"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/basecom/magento2-disable-customer-address-file-upload","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-disable-customer-address-file-upload","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-disable-customer-address-file-upload/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-disable-customer-address-file-upload/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-disable-customer-address-file-upload/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/basecom","download_url":"https://codeload.github.com/basecom/magento2-disable-customer-address-file-upload/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basecom%2Fmagento2-disable-customer-address-file-upload/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28407658,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T00:40:43.272Z","status":"ssl_error","status_checked_at":"2026-01-14T00:40:42.636Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T01:12:27.298Z","updated_at":"2026-01-14T01:12:27.908Z","avatar_url":"https://github.com/basecom.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Basecom_DisableCustomerAddressFileUpload Module\n\n\u003cdiv align=\"center\"\u003e\n\n[![Packagist][ico-version]][link-packagist]\n[![Software License][ico-license]](LICENSE)\n![Supported Magento Versions][ico-compatibility]\n\n\u003c/div\u003e\n\nThis module disables the file upload functionality for customer address attributes in Magento 2. This file upload is by\ndefault open to every user and can open up your system to security vulnerabilities.\n\nThe SessionReaper attacks exploit this endpoint to upload malicious files to your server and then execute them.\nWhile the remote code execution vulnerability has been patched, the upload endpoint was kept open and remains a security\nrisk.\n\nInstall this module to disable the upload endpoint and secure your Magento installation.\n\n## Installation\n\n1. Install the module via composer\n\n    ```console\n    composer require basecom/magento2-disable-customer-address-file-upload\n    ```\n\n2. Enable the module\n\n    ```console\n    bin/magento module:enable Basecom_DisableCustomerAddressFileUpload\n    bin/magento setup:upgrade\n    ```\n\n## Security\n\nIf you discover any security related issues, please email \u003cmagento@basecom.de\u003e instead of using the issue tracker.\n\n## License\n\nLicensed under the [MIT](LICENSE) license.\n\n## Copyright\n\nbasecom GmbH \u0026 Co. KG\n\n[ico-version]: https://img.shields.io/packagist/v/basecom/magento2-disable-customer-address-file-upload.svg?style=flat-square\n\n[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square\n\n[ico-compatibility]: https://img.shields.io/badge/magento-2.4-brightgreen.svg?logo=magento\u0026longCache=true\u0026style=flat-square\n\n[link-packagist]: https://packagist.org/packages/basecom/magento2-disable-customer-address-file-upload\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasecom%2Fmagento2-disable-customer-address-file-upload","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbasecom%2Fmagento2-disable-customer-address-file-upload","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasecom%2Fmagento2-disable-customer-address-file-upload/lists"}