We have identified a vulnerable Javascript Plupload version 1.5.8 library. One or more vulnerabilities have been reported for this release.

The library Plupload version 1.5.8 has known vulnerabilities cataloged in: CVE-2016-4566

Hi
can you share me the path the file and details about this report to sent to dev team for further checking.

components/com_community/assets/vendors/plupload.min.js is the file reported by our RED TEAM

    rogeriobrito
    Hi
    I will share the details with dev team on this on Monday, once team is back.
    I will update you here if any details required as well.

      rogeriobrito
      Hi,
      As i check, this vulnerable is only for plupload.flash.swf. You only need to delete this file on your server. In next update, we'll replace it by an empty file.

        Write a Reply...
        You need to Login to view replies.