Monday, October 22, 2018

jQuery File Upload Plugin broken for 8 years - open source equals open quality

A bug in the massively popular jQuery File Upload widget, which for the past 8 years allowed an attacker to upload arbitrary files to web servers, including command shells for sending out commands, was recently corrected.

According to Bleeping Computer, "There are over 7,800 variations at the moment, and Cashdollar says that there are cases where the vulnerability exists even if the original code was modified to meet custom needs."

This again puts the quality of open source projects into the spotlight. And now with the quality of Windows Update massively under-performing using this approach, there has to be a rethink. You pay for what you get. User beware.
