Skip to main content

SurveyJS CVE-2024-50427

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2024-10-29 audit@patchstack.com
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
CVSS changed
Apr 23, 2026 - 15:22 NVD
9.9 (CRITICAL)
CVE Published
Oct 29, 2024 - 09:15 nvd
N/A

DescriptionCVE.org

Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136.

AnalysisAI

Unrestricted file upload in SurveyJS versions up to and including 1.9.136 allows authenticated remote attackers to upload files of dangerous types, enabling code execution or content takeover with scope change to other components. EPSS scores this at the 99th percentile (69.65%) indicating very high exploitation probability, though no public exploit identified at time of analysis and not listed in CISA KEV.

Technical ContextAI

SurveyJS by devsoftbaltic is a JavaScript-based form and survey building library widely embedded in web applications to collect user input, including file uploads via survey questions. The flaw is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type), meaning the upload handler fails to validate file extensions, MIME types, or content signatures before persisting attacker-supplied files to the server. When such files (e.g., .php, .jsp, .aspx, .html with embedded scripts) land in a web-accessible directory, the server can be coerced into executing them, turning a benign survey response into a code execution primitive. The CVSS scope change (S:C) indicates the upload affects resources beyond the SurveyJS component itself - typically the hosting web server or downstream consumers of the uploaded content.

Affected ProductsAI

SurveyJS by devsoftbaltic is affected from an unspecified earliest version through and including 1.9.136. No specific CPE string was provided in the intelligence sources and no vendor advisory URL was supplied beyond the Patchstack reporter attribution (audit@patchstack.com), so administrators should consult Patchstack's advisory database and the SurveyJS GitHub repository (devsoftbaltic/SurveyJS) to confirm the precise fixed release.

RemediationAI

Upgrade SurveyJS to a version newer than 1.9.136 once the vendor publishes a patched release; no exact fix version was provided in the available data, so verify the latest release at the devsoftbaltic SurveyJS repository and the Patchstack advisory before deploying. As compensating controls until patched, restrict file uploads in survey questions by configuring SurveyJS to disable the file upload question type or by enforcing strict server-side allowlists on file extension and MIME type at the upload endpoint (trade-off: legitimate file collection use cases break). Store uploaded files outside the web root and serve them via a download handler that sets Content-Disposition: attachment and a safe Content-Type (trade-off: requires application changes). Place a WAF rule in front of the upload endpoint to block requests containing executable extensions or script content signatures (trade-off: bypassable via double extensions or content obfuscation).

Share

CVE-2024-50427 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy