plupload@2.3.6 vulnerabilities

Plupload is a JavaScript API for dealing with file uploads it supports features like multiple file selection, file type filtering, request chunking, client side image scaling and it uses different runtimes to achieve this such as HTML 5, Silverlight and F

Direct Vulnerabilities

Known vulnerabilities in the plupload package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Arbitrary File Upload

plupload is a Plupload is JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client side image downsizing and when necessary can fallback to alternative runtimes, like Flash and Silverlight.

Affected versions of this package are vulnerable to Arbitrary File Upload. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.

How to fix Arbitrary File Upload?

Upgrade plupload to version 2.3.9 or higher.

<2.3.9