Cocolabs-SAS / cocorico

👐 Cocorico is an open source marketplace solution for services and rentals. More information right here: https://www.cocorico.io/ 🚀 Cocorico is also available in an off-the-shelf SaaS package, check out https://www.hatch.li to launch your platform today. 😍 We are hiring (telecommute welcome 🏡): https://www.welcometothejungle.com/en/companies/cocorico/jobs/candidatures-spontanees#apply
https://www.cocolabs.com
MIT License

Update oneup/uploader-bundle to 1.9.4 (security release) #455

Closed bytehead closed 4 years ago

bytehead commented 4 years ago
| Q | A |
| --- | --- |
| Bug fix? | Yes (Security) |
| New feature? | No |
| Tests pass? | Yes |
| License | MIT |

Relative Path Traversal (CWE-23) in chunked uploads. See more here: https://github.com/1up-lab/OneupUploaderBundle/security/advisories/GHSA-x8wj-6m73-gfqp

Checklist:

cocolabssas commented 4 years ago

Hi @bytehead,

Thanks for this PR! :)