jquery-file-upload@4.0.5 vulnerabilities

jQuery Upload File plugin provides multiple file uploads with a progress bar. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.

Direct Vulnerabilities

Known vulnerabilities in the jquery-file-upload package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Cross-site Scripting (XSS)
Severity: M

jquery-file-upload is a jQuery Upload File plugin which provides multiple file uploads with a progress bar. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the fileNameStr parameter.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for jquery-file-upload.

Vulnerable version: *

Vulnerability: Arbitrary Code Execution
Severity: L

jquery-file-upload provides multiple file uploads with a progress bar.

Affected versions of this package ship demo code (upload.php) that is vulnerable to Arbitrary Code Execution because it accepts arbitrary file uploads without performing any validation. Deployments that use the upload.php demo code as-is are exposed.

How to fix Arbitrary Code Execution?

There is no fixed version for jquery-file-upload; however, the core components can be used safely as long as the demo code found in the upload.php file is not deployed.

Vulnerable version: *
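The two advisories above describe the same missing control from two sides: a client-supplied file name that reaches the page unescaped (the fileNameStr parameter), and a server handler (the upload.php demo) that accepts any file without validation. The following is an added example, not code from jquery-file-upload or its demo, showing the checks a deployment would put in place. It assumes the plugin inserts fileNameStr into HTML by string concatenation (so HTML escaping is the fix), and it assumes a deployment policy of a small extension allowlist and a 5 MiB size limit. The demo handler is PHP; the same logic is written here in JavaScript (Node) for illustration, and the `storageId` argument stands in for a random token the server would generate per upload.

```javascript
// Added example, not code from jquery-file-upload or its upload.php demo.
//   1. escapeHtml(): HTML-escape a client-supplied file name before it is
//      inserted into the page (the XSS advisory names fileNameStr; that the
//      plugin renders it unescaped is an assumption here).
//   2. validateUpload(): accept an upload only after validating its metadata,
//      and store it under a server-chosen name, never the client's.

// Escape the characters that change meaning in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed deployment policy: accepted extensions and maximum size.
const ALLOWED_EXTENSIONS = new Set(['jpg', 'jpeg', 'png', 'gif', 'pdf']);
const MAX_BYTES = 5 * 1024 * 1024;

// Validate an upload described by its client-supplied name and byte size.
// `storageId` is a hypothetical random token generated by the server for this
// upload; it is passed in so the function stays deterministic and testable.
// Returns { ok: true, storedName, displayName } or { ok: false, reason }.
function validateUpload(fileName, sizeBytes, storageId) {
  if (typeof fileName !== 'string' || fileName.length === 0 || fileName.length > 255) {
    return { ok: false, reason: 'file name missing or too long' };
  }
  // Keep only the last path segment: clients can send "../x" or "C:\x".
  const base = fileName.split(/[\\/]/).pop();
  if (base === '' || /[\x00-\x1f\x7f]/.test(base)) {
    return { ok: false, reason: 'file name empty or contains control characters' };
  }
  // Allowlist check on the final extension only. That is sufficient here
  // because the stored name is rebuilt from that extension alone, so a name
  // such as "a.php.jpg" can never end up on disk as a .php file.
  const dot = base.lastIndexOf('.');
  if (dot <= 0 || dot === base.length - 1) {
    return { ok: false, reason: 'no file extension' };
  }
  const ext = base.slice(dot + 1).toLowerCase();
  if (!ALLOWED_EXTENSIONS.has(ext)) {
    return { ok: false, reason: `extension .${ext} not allowed` };
  }
  if (!Number.isInteger(sizeBytes) || sizeBytes <= 0 || sizeBytes > MAX_BYTES) {
    return { ok: false, reason: 'size out of range' };
  }
  // The storage id must be the server's own token, not anything client-derived.
  if (!/^[A-Za-z0-9]{8,}$/.test(storageId)) {
    return { ok: false, reason: 'bad storage id' };
  }
  return {
    ok: true,
    storedName: `${storageId}.${ext}`, // server-chosen name on disk
    displayName: escapeHtml(base),     // safe to concatenate into HTML
  };
}

// Usage with a constructed storage id (in practice a fresh random token).
console.log(validateUpload('../photos/holiday <1>.JPG', 2048, 'f3a9c1b2e4'));
console.log(validateUpload('script.php', 2048, 'f3a9c1b2e4'));
```

The design point is that the client-supplied name is used for exactly one thing, the escaped display string; the path written on the server is derived entirely from server-side values, which removes path traversal and double-extension tricks from consideration regardless of how the web server maps extensions to handlers. A real deployment would add content sniffing of the bytes and store files outside the web root; those steps depend on the platform and are not shown here.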