Convert a file — what used to be a multi-step job flow (create job → add input → set conversion → start → poll → download) is now a single call: ...
The default file-input block has allowedFileTypes disabled, so the check is skipped entirely; even when enabled, the attacker simply declares an allowed MIME (fileType) while uploading an .html body ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results