angular-base64-upload vulnerable to unauthenticated remote code execution

Severity:: High

Description

angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently accessed through the angular-base64-upload/demo/uploads endpoint.

Recommendation

Update the angular-base64-upload package to the latest compatible version. Followings are version details:

Affected version(s): < 0.1.21
Patched version(s): 0.1.21

References

GHSA-vgxq-6rcf-qwrw
www.zyenra.com
CVE-2024-42640
CWE-434
CAPEC-310
OWASP 2021-A4
OWASP 2021-A6

Related Issues

paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - CVE-2026-41679
paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - paperclipai - CVE-2026-41679
Angular Expressions - Remote Code Execution when using locals - CVE-2024-54152
Nuxt vulnerable to remote code execution via the browser when running the test locally - CVE-2024-34344

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; angular-base64-upload

Anything's wrong? Let us know Last updated on October 11, 2024