SurveyJS CVE-2024-50427
CRITICALSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136.
AnalysisAI
Unrestricted file upload in SurveyJS versions up to and including 1.9.136 allows authenticated remote attackers to upload files of dangerous types, enabling code execution or content takeover with scope change to other components. EPSS scores this at the 99th percentile (69.65%) indicating very high exploitation probability, though no public exploit identified at time of analysis and not listed in CISA KEV.
Technical ContextAI
SurveyJS by devsoftbaltic is a JavaScript-based form and survey building library widely embedded in web applications to collect user input, including file uploads via survey questions. The flaw is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type), meaning the upload handler fails to validate file extensions, MIME types, or content signatures before persisting attacker-supplied files to the server. When such files (e.g., .php, .jsp, .aspx, .html with embedded scripts) land in a web-accessible directory, the server can be coerced into executing them, turning a benign survey response into a code execution primitive. The CVSS scope change (S:C) indicates the upload affects resources beyond the SurveyJS component itself - typically the hosting web server or downstream consumers of the uploaded content.
Affected ProductsAI
SurveyJS by devsoftbaltic is affected from an unspecified earliest version through and including 1.9.136. No specific CPE string was provided in the intelligence sources and no vendor advisory URL was supplied beyond the Patchstack reporter attribution (audit@patchstack.com), so administrators should consult Patchstack's advisory database and the SurveyJS GitHub repository (devsoftbaltic/SurveyJS) to confirm the precise fixed release.
RemediationAI
Upgrade SurveyJS to a version newer than 1.9.136 once the vendor publishes a patched release; no exact fix version was provided in the available data, so verify the latest release at the devsoftbaltic SurveyJS repository and the Patchstack advisory before deploying. As compensating controls until patched, restrict file uploads in survey questions by configuring SurveyJS to disable the file upload question type or by enforcing strict server-side allowlists on file extension and MIME type at the upload endpoint (trade-off: legitimate file collection use cases break). Store uploaded files outside the web root and serve them via a download handler that sets Content-Disposition: attachment and a safe Content-Type (trade-off: requires application changes). Place a WAF rule in front of the upload endpoint to block requests containing executable extensions or script content signatures (trade-off: bypassable via double extensions or content obfuscation).
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today