CVE-2018-9206

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-9206

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9206.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-9206

Aliases

GHSA-4cj8-g9cp-v5wr

Downstream

DEBIAN-CVE-2018-9206

UBUNTU-CVE-2018-9206

Published

2018-10-11T15:29:00.640Z

Modified

2026-04-02T01:25:57.251743Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

References

Affected packages

Git / github.com/blueimp/jquery-file-upload

Affected ranges

Type

GIT

Repo

https://github.com/blueimp/jquery-file-upload

Events

Introduced

Last affected

39607fdaaba0dc11ba8c116ac2968e28e796f153

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.22.0"
        }
    ]
}

Affected versions

8.*

8.1.0

8.2.1

8.3.0

8.3.1

8.3.2

8.4.0

8.4.1

8.4.2

8.4.3

8.5.0

8.5.1

8.6.0

8.6.1

8.7.0

8.7.1

8.8.2

8.8.4

8.8.5

8.8.7

8.9.0

9.*

9.0.0

9.0.1

9.0.2

9.1.0

9.10.0

9.10.1

9.10.2

9.10.3

9.10.4

9.10.5

9.10.6

9.10.7

9.11.0

9.11.1

9.11.2

9.12.0

9.12.1

9.12.2

9.12.3

9.12.4

9.12.5

9.2.0

9.2.1

9.3.0

9.4.0

9.4.1

9.4.2

9.5.0

9.5.1

9.5.2

9.5.3

9.5.4

9.5.5

9.5.6

9.5.7

9.5.8

9.6.0

9.7.0

9.7.1

9.7.2

9.8.0

9.8.1

9.9.0

9.9.1

9.9.2

9.9.3

9.9.4

v9.*

v9.12.6

v9.13.0

v9.13.1

v9.14.0

v9.14.1

v9.14.2

v9.15.0

v9.16.0

v9.17.0

v9.18.0

v9.19.0

v9.19.1

v9.19.2

v9.19.3

v9.20.0

v9.21.0

v9.22.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9206.json"