plupload@2.2.0 vulnerabilities
Plupload is a JavaScript API for dealing with file uploads it supports features like multiple file selection, file type filtering, request chunking, client side image scaling and it uses different runtimes to achieve this such as HTML 5, Silverlight and F
-
latest version
2.3.9
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
3 years ago
-
licenses detected
- >=2.2.0 <2.2.1
Direct Vulnerabilities
Known vulnerabilities in the plupload package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
plupload is a Plupload is JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client side image downsizing and when necessary can fallback to alternative runtimes, like Flash and Silverlight. Affected versions of this package are vulnerable to Arbitrary File Upload. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. How to fix Arbitrary File Upload? Upgrade |
<2.3.9
|