[tor-bugs] #28134 [Internal Services/Service - trac]: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 22 03:23:35 UTC 2018
#28134: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)
--------------------------------------------------+-----------------
Reporter: traumschule | Owner: qbi
Type: defect | Status: new
Priority: Immediate | Milestone:
Component: Internal Services/Service - trac | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+-----------------
https://seclists.org/oss-sec/2018/q4/54
http://www.vapidlabs.com/advisory.php?v=204
https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-
exploited-for-at-least-three-years
> The vulnerability received the CVE-2018-9206 identifier earlier this
month, a good starting point to get more people paying attention.
> All jQuery File Upload versions before 9.22.1 are vulnerable. Since the
vulnerability affected the code for handling file uploads for PHP apps,
other server-side implementations should be considered safe.
(is this better placed in services or sysadmin maybe?)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28134>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list