Vulnerability Details CVE-2021-23439
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.6%
CVSS Severity
CVSS v3 Score 4.2
CVSS v2 Score 4.3
References
- https://github.com/johndatserakis/file-upload-with-preview/blob/develop/src/file-upload-with-preview.js%23L168
- https://github.com/johndatserakis/file-upload-with-preview/pull/40/files?file-filters%5B%5D=.js&hide-deleted-files=true%23diff-fe47b243de17419c0daa22cd785cd754baed60cf3679d3da1d6fe006f9f4a7f0R174
- https://snyk.io/vuln/SNYK-JS-FILEUPLOADWITHPREVIEW-1579492
- https://github.com/johndatserakis/file-upload-with-preview/blob/develop/src/file-upload-with-preview.js%23L168
- https://github.com/johndatserakis/file-upload-with-preview/pull/40/files?file-filters%5B%5D=.js&hide-deleted-files=true%23diff-fe47b243de17419c0daa22cd785cd754baed60cf3679d3da1d6fe006f9f4a7f0R174
- https://snyk.io/vuln/SNYK-JS-FILEUPLOADWITHPREVIEW-1579492
Products affected by CVE-2021-23439
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:-
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:1.0.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:1.0.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:1.0.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:1.0.3
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:2.0.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:2.0.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:2.0.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:2.0.3
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:2.1.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:2.1.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:2.1.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.0.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.0.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.0.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.0.3
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.0.4
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.1.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.1.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.1.3
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.3
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.4
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.5
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.6
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.7
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.8
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.2.9
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.3.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.4.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.4.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.4.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:3.4.3
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.0
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.1
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.2
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.3
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.4
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.5
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.6
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.7
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.0.8
-
cpe:2.3:a:johndatserakis:file-upload-with-preview:4.1.0