https://seclists.org/oss-sec/2018/q4/54 http://www.vapidlabs.com/advisory.php?v=204 https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years > The vulnerability received the CVE-2018-9206 identifier earlier this month, a good starting point to get more people paying attention. > All jQuery File Upload versions before 9.22.1 are vulnerable. Since the vulnerability affected the code for handling file uploads for PHP apps, other server-side implementations should be considered safe. (is this better placed in services or sysadmin maybe?)