CVE-2018-9206

Published: 11 October 2018

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

Priority

High

CVSS 3 base score: 9.8

Status

Package Release Status
libjs-jquery-file-upload
Launchpad, Ubuntu, Debian
Upstream
Released (9.22.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (9.19.1-1ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f