Arbitrary Code Execution

Affecting jquery-file-upload package, ALL versions

high severity

Overview

jquery-file-upload provides multiple file uploads with a progress bar.

Affected versions of this package are vulnerable to Arbitrary Code Execution because they allow the upload of arbitrary files. The package does not require any validation before a file is uploaded to the server.

Remediation

There is no fix version for jquery-file-upload.
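
With no fixed version available, the validation the package omits has to be enforced by the server-side code that receives the upload. The following is an added example, not code from the package or from this advisory; the allowlist, the size limit and the names `ALLOWED`, `MAX_BYTES` and `validateUpload` are assumptions.

```javascript
// Added example: server-side validation for an upload handler (Node.js).
// ALLOWED, MAX_BYTES and validateUpload are hypothetical names, not package APIs.
const crypto = require("crypto");
const path = require("path");

// Allowlist: extension -> file signatures the content must start with.
const ALLOWED = {
  ".png": [Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])],
  ".jpg": [Buffer.from([0xff, 0xd8, 0xff])],
  ".jpeg": [Buffer.from([0xff, 0xd8, 0xff])],
  ".gif": [Buffer.from("GIF87a", "latin1"), Buffer.from("GIF89a", "latin1")],
  ".pdf": [Buffer.from("%PDF-", "latin1")],
};
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit

function validateUpload(originalName, data) {
  if (typeof originalName !== "string" || !Buffer.isBuffer(data)) {
    return { ok: false, reason: "bad input" };
  }
  if (data.length === 0 || data.length > MAX_BYTES) {
    return { ok: false, reason: "size" };
  }
  // Drop any client-supplied directory part, then take only the final extension.
  const base = originalName.replace(/\\/g, "/").split("/").pop();
  const ext = path.extname(base).toLowerCase();
  const known = Object.prototype.hasOwnProperty.call(ALLOWED, ext);
  if (!known) return { ok: false, reason: "extension not allowed" };
  // The content must start with a signature of the claimed type.
  const matches = ALLOWED[ext].some(
    (sig) => data.length >= sig.length && data.subarray(0, sig.length).equals(sig)
  );
  if (!matches) return { ok: false, reason: "content does not match extension" };
  // The stored name is generated on the server; only the allowlisted
  // extension survives from the client-supplied name.
  const storedName = crypto.randomBytes(16).toString("hex") + ext;
  return { ok: true, storedName };
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLE_PNG = Buffer.concat([ALLOWED[".png"][0], Buffer.alloc(16)]);
const SAMPLE_SCRIPT = Buffer.from("<?php echo 'constructed sample'; ?>");
console.log(validateUpload("avatar.png", SAMPLE_PNG));
console.log(validateUpload("avatar.php", SAMPLE_SCRIPT));
console.log(validateUpload("avatar.png", SAMPLE_SCRIPT));
```

Store accepted files under the generated name in a directory the web server does not execute scripts from.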

Credit: Unknown
CVE: CVE-2018-9207
CWE: CWE-94
Snyk ID: SNYK-JS-JQUERYFILEUPLOAD-72622
Disclosed: 02 Nov, 2018
Published: 22 Nov, 2018