Homepage

plupload@2.2.0 vulnerabilities

Plupload is a JavaScript API for dealing with file uploads it supports features like multiple file selection, file type filtering, request chunking, client side image scaling and it uses different runtimes to achieve this such as HTML 5, Silverlight and F

  • latest version

    2.3.9

  • latest non vulnerable version

    2.3.9

  • first published

    10 years ago

  • latest version published

    3 years ago

  • licenses detected

  • View plupload package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the plupload package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Arbitrary File Upload

    plupload is a Plupload is JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client side image downsizing and when necessary can fallback to alternative runtimes, like Flash and Silverlight.

    Affected versions of this package are vulnerable to Arbitrary File Upload. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

    How to fix Arbitrary File Upload?

    Upgrade plupload to version 2.3.9 or higher.

    <2.3.9
    Go back to all versions of this package