blueimp-file-upload@8.9.0

Vulnerabilities: 1 via 1 paths
Dependencies: 4
Source: npm


high severity

Arbitrary Code Execution

  • Vulnerable module: blueimp-file-upload
  • Introduced through: blueimp-file-upload@8.9.0

Detailed paths

  • Introduced through: blueimp-file-upload@8.9.0
    Remediation: Upgrade to blueimp-file-upload@9.22.1.

Overview

blueimp-file-upload is a File Upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for jQuery.

Affected versions of this package are vulnerable to Arbitrary Code Execution because they allow the upload of arbitrary files: no validation was required to upload files to the server.

Remediation

Upgrade blueimp-file-upload to version 9.22.1 or higher.
