org.webjars.bowergithub.blueimp:jquery-file-upload@10.29.0 vulnerabilities

  • latest version

    10.32.0

  • first published

    6 years ago

  • latest version published

    1 year ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.bowergithub.blueimp:jquery-file-upload package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the fileNameStr parameter.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for org.webjars.bowergithub.blueimp:jquery-file-upload.

    Vulnerable version: [0,)
    • L
    Arbitrary Code Execution

    jquery-file-upload provides multiple file uploads with a progress bar.

    Affected versions of this package contain demo code which is vulnerable to Arbitrary Code Execution because it allows the upload of arbitrary files: the demo code does not require any validation before a file is uploaded to the server. Using the upload.php demo code will leave users vulnerable.

    How to fix Arbitrary Code Execution?

    There is no fixed version for jquery-file-upload. However, it is possible to use the core components safely so long as users do not implement the demo code found in the upload.php file.

    Vulnerable version: (,)