angular-base64-upload vulnerable to unauthenticated remote code execution
- Severity: High
Description
angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the angular-base64-upload/demo/server.php endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently be accessed through the angular-base64-upload/demo/uploads endpoint.
Recommendation
Update the angular-base64-upload package to the latest compatible version. Version details:
- Affected version(s): < 0.1.21
- Patched version(s): 0.1.21
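To find installed copies that still need the update, the following added example (not part of the advisory or of the angular-base64-upload project) walks a directory tree, reads each copy's version from its package.json, and reports whether the demo/server.php file named above is present. The function names and the sample tree are assumptions constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const PATCHED = [0, 1, 21]; // patched version stated in the advisory

// True when version is below 0.1.21; unparseable versions count as affected.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) return true;
  const p = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) if (p[i] !== PATCHED[i]) return p[i] < PATCHED[i];
  return false;
}

// Report every angular-base64-upload copy under root: its version, and whether
// demo/server.php (the endpoint named in the advisory) is present.
function auditTree(root) {
  const findings = [], stack = [root];
  while (stack.length) {
    const dir = stack.pop();
    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
      if (!e.isDirectory()) continue; // symlinks are not followed
      const full = path.join(dir, e.name);
      stack.push(full);
      if (e.name !== 'angular-base64-upload') continue;
      let version = 'unknown';
      try {
        version = JSON.parse(fs.readFileSync(path.join(full, 'package.json'), 'utf8')).version || version;
      } catch (err) { /* no readable package.json: keep 'unknown' */ }
      const demoServerPresent = fs.existsSync(path.join(full, 'demo', 'server.php'));
      findings.push({ path: full, version, affected: isAffected(version), demoServerPresent });
    }
  }
  return findings;
}

// Constructed sample tree (not real project data): one old copy with the demo, one patched copy.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'ab64-audit-'));
  const add = (rel, version, withDemo) => {
    const pkg = path.join(root, rel, 'angular-base64-upload');
    fs.mkdirSync(path.join(pkg, 'demo'), { recursive: true });
    fs.writeFileSync(path.join(pkg, 'package.json'), JSON.stringify({ version }));
    if (withDemo) fs.writeFileSync(path.join(pkg, 'demo', 'server.php'), '<?php // placeholder');
  };
  add('app/node_modules', '0.1.20', true);
  add('other/node_modules', '0.1.21', false);
  return root;
}
console.log(auditTree(buildSampleTree()));
```

Point `auditTree` at a deployment or web root instead of the sample tree; any finding with `affected: true` should be updated to 0.1.21.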
- Tags: npm, angular-base64-upload
Last updated on October 11, 2024