This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).
References
Configurations
History
26 Mar 2024, 11:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Johndatserakis file-upload-with-preview
Johndatserakis |
|
CPE | cpe:2.3:a:johndatserakis:file-upload-with-preview:*:*:*:*:*:node.js:*:* |
10 Sep 2021, 19:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:file-upload-with-preview_project:file-upload-with-preview:*:*:*:*:*:node.js:*:* | |
References | (CONFIRM) https://snyk.io/vuln/SNYK-JS-FILEUPLOADWITHPREVIEW-1579492 - Third Party Advisory | |
References | (CONFIRM) https://github.com/johndatserakis/file-upload-with-preview/blob/develop/src/file-upload-with-preview.js%23L168 - Broken Link | |
References | (CONFIRM) https://github.com/johndatserakis/file-upload-with-preview/pull/40/files?file-filters%5B%5D=.js&hide-deleted-files=true%23diff-fe47b243de17419c0daa22cd785cd754baed60cf3679d3da1d6fe006f9f4a7f0R174 - Patch, Third Party Advisory |
05 Sep 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-05 14:15
Updated : 2024-03-26 11:44
NVD link : CVE-2021-23439
Mitre link : CVE-2021-23439
CVE.ORG link : CVE-2021-23439
JSON object : View
Products Affected
johndatserakis
- file-upload-with-preview
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')