Remote Code Execution (RCE) Affecting angular-base64-upload package, versions <0.1.21
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (10th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-ANGULARBASE64UPLOAD-8185009
- published 13 Oct 2024
- disclosed 11 Oct 2024
- credit Ravindu Wickramasinghe |
Introduced: 11 Oct 2024
New CVE-2024-42640 Open this link in a new tabHow to fix?
Upgrade angular-base64-upload
to version 0.1.21 or higher.
Overview
angular-base64-upload is a Converts files from file input into base64 encoded models.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the server.php
endpoint. An attacker can execute arbitrary code on the server by uploading malicious file content that can be accessed and executed via the uploads
endpoint.