PT-2018-16168 · Npm+1 · Public+1

Bl4De +1 · Published 2018-07-03 · Updated 2018-10-10 · CVE-2018-3747

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
public versions prior to 0.1.4
public versions <= 1.0.3

Description: The issue allows embedding HTML in file names, which under certain conditions might lead to the execution of malicious JavaScript. This is due to the failure to sanitize filenames, enabling attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code.

Recommendations: For public versions prior to 0.1.4, upgrade to version 0.1.4 or later. For public versions <= 1.0.3, upgrade to a version later than 1.0.3.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-3747
GHSA-8P5P-FF7X-HW7Q

Affected Products

Public
Public.Js