Bug Description
The client enforces a 20MB limit, but the server does not validate file size before broadcasting. A modified client can send arbitrarily large files to all connected users.
File & Lines
server code.py — lines 489–499
Severity
Policy/validation gap — server trusts client-side validation only.
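A server-side check of the kind this report calls for, as an added example rather than code from `server code.py`. The function names, the file-like `stream` (for instance from `socket.makefile("rb")`), the client-declared size field and the byte value chosen for the 20MB limit are all assumptions.

```python
import io

MAX_FILE_BYTES = 20 * 1024 * 1024  # assumed byte value of the 20MB client limit
CHUNK = 64 * 1024


class FileTooLarge(Exception):
    """Raised when an upload exceeds the server-side limit."""


def receive_file(stream, declared_size, limit=MAX_FILE_BYTES):
    """Read one upload from `stream`, enforcing `limit` on the server.

    `declared_size` comes from the client and is untrusted: it is rejected
    up front if over the limit, and the read loop never consumes more than
    that many bytes, so the payload cannot exceed `limit` either.
    """
    if not isinstance(declared_size, int) or declared_size < 0:
        raise ValueError("invalid declared size")
    if declared_size > limit:
        raise FileTooLarge(f"declared size {declared_size} exceeds {limit}")

    buf = bytearray()
    remaining = declared_size
    while remaining > 0:
        chunk = stream.read(min(CHUNK, remaining))
        if not chunk:
            raise ValueError("stream ended before declared size was received")
        buf += chunk
        remaining -= len(chunk)
    return bytes(buf)


def handle_upload(stream, declared_size, broadcast, limit=MAX_FILE_BYTES):
    """Validate first; call `broadcast` only for files the server accepted."""
    try:
        data = receive_file(stream, declared_size, limit)
    except (FileTooLarge, ValueError) as exc:
        return False, str(exc)  # nothing is relayed to other users
    broadcast(data)
    return True, None
```
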