Advisory 2024-02/01 jQuery Vulnerability

Vulnerability typeUntrusted code execution
Severity factors

This vulnerability has CVSS scores of 6.1 to 7.5 with medium to high severity ratings for users who are affected.

FileCloud is updating the javascript library jQuery to version 3.6.

Versions affectedFileCloud versions earlier than 23.232 are affected.
Version fixedFileCloud version 23.232 and later

Description

A jquery vulnerability could enable PDFs to execute malicious script when opened for preview using PDF.js.


Fix

FileCloud version 23.232.0.24769 upgrades jQuery to version 3.6, which does not include this vulnerability. 

What you should do to fix this vulnerability

  • If you are using FileCloud Server, we recommended that you update to the latest version, which is 23.232.0.24769 or greater. 
  • If you are using FileCloud Online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.