PT-2024-6803 · Unknown · Angular-Base64-Upload

Ravindu Wickramasinghe +1 · Published 2024-10-11 · Updated 2025-04-04 · CVE-2024-42640

CVSS v2.0

10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

angular-base64-upload versions prior to v0.1.21

Description

The angular-base64-upload library has a vulnerability that allows an attacker to execute arbitrary code on the server by uploading a specially crafted file. The cause is improper limitation of a pathname to a restricted directory. Exploitation can lead to the execution of previously uploaded content, which gives the attacker code execution on the server. The vulnerability only affects products that are no longer supported by the maintainer.

Recommendations

For versions prior to v0.1.21, update to version v0.1.21 or later to resolve the issue. As a temporary workaround, consider disabling the demo/server.php endpoint until a patch is available. Restrict access to the demo/uploads endpoint to minimize the risk of exploitation. Avoid using the angular-base64-upload library until the issue is resolved.
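
To apply these recommendations you first need to know where copies of the library are deployed. The following audit script is an added example, not code from the advisory or from the angular-base64-upload project. It assumes each copy lives in a directory named angular-base64-upload containing a package.json or bower.json manifest; the function names are hypothetical.

```python
import json
import os

PKG = "angular-base64-upload"
FIXED = (0, 1, 21)  # first fixed release named in the advisory

def parse_version(text):
    """Turn '0.1.20' or 'v0.1.20' into a comparable tuple; None if unparsable."""
    try:
        return tuple(int(p) for p in text.strip().lstrip("vV").split(".")[:3])
    except ValueError:
        return None

def read_version(pkg_dir):
    """Read the version from the first usable manifest (assumed file names)."""
    for manifest in ("package.json", "bower.json", ".bower.json"):
        try:
            with open(os.path.join(pkg_dir, manifest), encoding="utf-8") as fh:
                data = json.load(fh)
        except (OSError, ValueError):
            continue  # missing, unreadable or malformed manifest
        if isinstance(data, dict) and data.get("version"):
            return parse_version(str(data["version"]))
    return None

def audit(root):
    """Return one finding per copy of the package found under root."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if os.path.basename(dirpath) != PKG:
            continue
        version = read_version(dirpath)
        demo = os.path.join(dirpath, "demo")
        findings.append({
            "path": dirpath,
            "version": version,
            # An unknown version is reported as vulnerable (fail closed).
            "vulnerable_version": version is None or version < FIXED,
            # The two endpoints the advisory says to disable or restrict.
            "demo_server_present": os.path.isfile(os.path.join(demo, "server.php")),
            "demo_uploads_present": os.path.isdir(os.path.join(demo, "uploads")),
        })
        dirnames[:] = []  # do not descend into the package itself
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it against a web root or build output directory; any finding with demo_server_present set means the demo endpoint is on disk and may be reachable if that directory is served.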

Exploit

Fix

RCE

Path traversal

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2024-08022
CVE-2024-42640
GHSA-VGXQ-6RCF-QWRW

Affected Products

Angular-Base64-Upload