Lucene search
GoogleOSV:GHSA-RP2C-JRGP-CVR8HistoryDec 16, 2021 - 3:32 p.m.
Code injection in plupload
2021-12-1615:32:31
Google
osv.dev
11
0.003 Low
EPSS
Percentile
70.7%
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
References
github.com/moxiecode/plupload
github.com/moxiecode/plupload/blob/master/js/jquery.plupload.queue/jquery.plupload.queue.js%23L226
github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb
nvd.nist.gov/vuln/detail/CVE-2021-23562
snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2306665
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2306663
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMOXIECODE-2306664
snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909
Related
cve
cve
CVE-2021-23562
2021-12-03 20:15:07
github
github
Code injection in plupload
2021-12-16 15:32:31
nvd
nvd
CVE-2021-23562
2021-12-03 20:15:07
prion
prion
Design/Logic Flaw
2021-12-03 20:15:00
osv
osv
CVE-2021-23562
2021-12-03 20:15:07
veracode
veracode
Cross-site Scripting (XSS)
2021-12-06 09:55:13
cvelist
cvelist
CVE-2021-23562 Arbitrary File Upload
2021-12-03 00:00:00
ubuntucve
ubuntucve
CVE-2021-23562
2021-12-03 00:00:00