cordova-plugin-file-transfer@0.4.8 vulnerabilities

Cordova File Transfer Plugin

latest version

2.0.0
latest non vulnerable version

2.0.0
first published

10 years ago
latest version published

a year ago
licenses detected
- Apache-2.0
  >=0
View cordova-plugin-file-transfer package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the cordova-plugin-file-transfer package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M CRLF Injection `cordova-plugin-file-transfer` is a Cordova File Transfer Plugin. Affected versions of the package are vulnerable to CRLF Injection. This allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. How to fix CRLF Injection? Upgrade `cordova-plugin-file-transfer` to version 1.3.0 or higher.	<1.3.0