This package has been included in various other packages and this code included in the projects web accessible path. It’s actively being exploited in the wild. CVE-2018-9206

https://github.com/blueimp/jQuery-File-Upload/pull/3514