[tor-bugs] #28134 [Internal Services/Service - trac]: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 22 03:23:35 UTC 2018


#28134: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)
--------------------------------------------------+-----------------
     Reporter:  traumschule                       |      Owner:  qbi
         Type:  defect                            |     Status:  new
     Priority:  Immediate                         |  Milestone:
    Component:  Internal Services/Service - trac  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+-----------------
 https://seclists.org/oss-sec/2018/q4/54
 http://www.vapidlabs.com/advisory.php?v=204

 https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years
 > The vulnerability received the CVE-2018-9206 identifier earlier this
 > month, a good starting point to get more people paying attention.
 >
 > All jQuery File Upload versions before 9.22.1 are vulnerable. Since the
 > vulnerability affected the code for handling file uploads for PHP apps,
 > other server-side implementations should be considered safe.

 (is this better placed in services or sysadmin maybe?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28134>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

