CVE-2020-9309

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-9309

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-9309.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-9309

Aliases

GHSA-h77w-655f-6j3m

Published

2020-07-15T21:15:13Z

Modified

2024-09-03T03:34:59.626056Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected.

References

https://www.silverstripe.org/download/security-releases/CVE-2020-9309

Affected packages

Git / github.com/silverstripe/recipe-core

Affected ranges

Type: GIT
Repo: https://github.com/silverstripe/recipe-core
Events: Introduced

9e573b8e1c1cb540f350209b6ea36eda7bcbc16f

Fixed

4905c049e3fb51ffd99d1d9716c8532857ab7e53

Type: GIT
Repo: https://github.com/silverstripe/silverstripe-mimevalidator
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e79b33a4e4c1f1982dd2a64aca87be70170ab71a

Affected versions

1.*

1.0.0

1.0.1

1.0.10

1.0.11

1.0.12

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

2.*

2.0.0-beta1