Candidate: CVE-2018-9206
PublicDate: 2018-10-11 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9206
 https://github.com/blueimp/jQuery-File-Upload/pull/3514
 http://www.vapidlabs.com/advisory.php?v=204
 https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9206
Description:
 Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Ubuntu-Description:
Notes:
 msalvatore> Larry Cashdollar (discoverer) emailed security@ubuntu saying that, "The code is just in a different spot and gzip compressed."
Bugs:
Priority: high
Discovered-by: Larry Cashdollar
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libjs-jquery-file-upload:
 upstream: https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f
upstream_libjs-jquery-file-upload: released (9.22.1)
precise/esm_libjs-jquery-file-upload: DNE
trusty_libjs-jquery-file-upload: DNE
trusty/esm_libjs-jquery-file-upload: DNE
xenial_libjs-jquery-file-upload: DNE
bionic_libjs-jquery-file-upload: released (9.19.1-1ubuntu0.1)
cosmic_libjs-jquery-file-upload: released (9.21.0-1ubuntu0.1)
disco_libjs-jquery-file-upload: not-affected (9.25.0-1)
devel_libjs-jquery-file-upload: not-affected (9.25.0-1)