We have identified a vulnerable JavaScript Plupload version 1.5.8 library. One or more vulnerabilities have been reported for this release.
The library Plupload version 1.5.8 has known vulnerabilities cataloged in: CVE-2016-4566
Hi, can you share with me the path of the file and details about this report to send to the dev team for further checking?
components/com_community/assets/vendors/plupload.min.js is the file reported by our RED TEAM
rogeriobrito Hi, I will share the details on this with the dev team on Monday, once the team is back. I will also update you here if any details are required.
rogeriobrito Hi, as I checked, this vulnerability is only for plupload.flash.swf. You only need to delete this file on your server. In the next update, we'll replace it with an empty file.