GHSA-287f-46j7-j4wh

Source
https://github.com/advisories/GHSA-287f-46j7-j4wh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-287f-46j7-j4wh/GHSA-287f-46j7-j4wh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-287f-46j7-j4wh
Aliases
  • CVE-2024-32872
Published
2024-04-24T17:04:34Z
Modified
2024-04-24T17:28:26.073021Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Summary
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Details

Impact

Backoffice users can execute arbitrary SQL.

Explanation of the vulnerability

A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server.

Affected versions

All versions

Patches

Umbraco Workflow 10.3.9, 12.2.6 and 13.0.6; Plumber 10.1.2

References

Upgrading Umbraco Workflow

Database specific
{
    "nvd_published_at": "2024-04-24T15:15:48Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T17:04:34Z"
}
Affected packages

NuGet / Umbraco.Workflow

Package

Name
Umbraco.Workflow
Purl
pkg:nuget/Umbraco.Workflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
10.3.9

Affected versions

10.*

10.0.0
10.1.0-rc1
10.1.0
10.1.1
10.1.2
10.2.0-rc1
10.2.0
10.2.1
10.2.2
10.2.3
10.3.0-rc1
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.3.7
10.3.8

NuGet / Umbraco.Workflow

Package

Name
Umbraco.Workflow
Purl
pkg:nuget/Umbraco.Workflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0-rc1
Fixed
12.2.6

Affected versions

11.*

11.0.0-rc1
11.0.0-rc2
11.0.0-rc3
11.0.0
11.0.1
11.1.0-rc1
11.1.0
11.1.1
11.1.2
11.2.0-rc1
11.2.0
11.2.1
11.2.2
11.2.3
11.3.0-rc1
11.3.0
11.3.1
11.3.2

12.*

12.0.0-rc1
12.0.0-rc2
12.0.0-rc4
12.0.0
12.0.1
12.1.0-rc1
12.1.0
12.1.1
12.1.2
12.2.0-rc1
12.2.0
12.2.1
12.2.2
12.2.3
12.2.4
12.2.5

NuGet / Umbraco.Workflow

Package

Name
Umbraco.Workflow
Purl
pkg:nuget/Umbraco.Workflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0-rc1
Fixed
13.0.6

Affected versions

13.*

13.0.0-rc1
13.0.0-rc2
13.0.0
13.0.1
13.0.2
13.0.3
13.0.5

NuGet / Plumber.Workflow

Package

Name
Plumber.Workflow
Purl
pkg:nuget/Plumber.Workflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
10.1.2

Affected versions

1.*

1.0.0-alpha-000230
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.1.2-beta-000314
1.1.2
1.1.3-beta-000315
1.1.3-beta-000318
1.1.3-beta-000319
1.1.3-beta-000329
1.1.3
1.1.4-beta-000333
1.2.0-beta-000339
1.2.0-beta-000340
1.2.0-beta-000341
1.2.0-beta-000342
1.2.0-beta-000343
1.2.0-beta-000344
1.2.0-beta-000345
1.2.0-beta-000346
1.2.0-beta-000349
1.2.0-beta-000350
1.2.0-beta-000351
1.2.0-beta-000355
1.2.0-beta-000356
1.2.0-beta-000357
1.2.0-beta-000359
1.2.0-beta-000360
1.2.0-beta-000363
1.2.0
1.2.1-beta-000365
1.2.1-beta-000366
1.2.1-beta-000367
1.2.1-beta-000368
1.2.1-beta-000371
1.2.1
1.2.2-beta-000372
1.3.0-beta-000375
1.3.0
1.3.1-beta-000377
1.3.1
1.3.2
1.3.3-beta-000382
1.3.3
1.3.4
1.3.5-beta-000389
1.3.5-beta-000390
1.3.5-beta-000391
1.3.5-beta-000393
1.3.5
1.3.6-beta-000395
1.3.6
1.3.7-beta-000398
1.3.7-beta-000403
1.3.7
1.3.8-beta-000406
1.3.8-beta-000407
1.3.8-beta-000408
1.3.8-beta-000409
1.3.8-beta-000410
1.3.8-beta-000412
1.3.8
1.3.9-beta-000414
1.3.9-beta-000415
1.3.9-beta-000416
1.3.9-beta-000417
1.3.9-beta-000418
1.3.9-beta-000419
1.3.9-beta-000420
1.3.9-beta-000423
1.3.9
1.4.0-beta-000424
1.4.0-beta-000426
1.4.0-beta-000428
1.4.0-beta-000430
1.4.0-beta-000431
1.4.0-beta-000432
1.4.0-beta-000433
1.4.0-beta-000437
1.4.0-beta-000438
1.4.0
1.4.1-beta-000454
1.4.1-beta-000455
1.4.1-beta-000458
1.4.1-beta-000460
1.4.1-beta-000463
1.4.1
1.4.2-beta-000466
1.4.2
1.4.3-beta-000468
1.4.3-beta-000469
1.4.3-beta-000470
1.4.3-beta-000471
1.4.3-beta-000472
1.4.3-beta-000473
1.4.3-beta-000476
1.4.3-beta-000477
1.4.3-beta-000478
1.4.3-beta-000479
1.4.3
1.4.4-beta-000482
1.4.4-beta-000484
1.4.4-beta-000485
1.4.4-beta-000486
1.4.4-beta-000487
1.4.4-beta-000488
1.4.4-beta-000489
1.4.4-beta-000490
1.4.4-beta-000491
1.4.4-beta-000492
1.4.4-beta-000493
1.4.4-beta-000494
1.4.4-beta-000495
1.4.4-beta-000496
1.4.4-beta-000497
1.4.4-beta-000498
1.4.4-beta-000499
1.5.0-beta-000505
1.5.0
1.5.1-beta-000508
1.5.1-beta-000509
1.5.1-beta-000510
1.5.1-beta-000512
1.5.1-beta-000513
1.5.1-beta-000520
1.5.1
1.5.2-beta-000521
1.5.2-beta-000522
1.5.2-beta-000534
1.5.2-beta-000536
1.5.2-beta-000539
1.5.2
1.5.3-beta-000540
1.5.3-beta-000542
1.5.3-beta-000546
1.5.3
1.6.0-beta-000553
1.6.0-beta-000554
1.6.0-beta-000557
1.6.0-beta-000559
1.6.0-beta-000560
1.6.0-beta-000562
1.6.0-beta-000565
1.6.0
1.6.1-beta-000566
1.6.1-beta-000567
1.6.1-beta-000572
1.6.1
1.6.2-beta-000573
1.6.2
1.6.3-beta-000576
1.6.3-beta-000616
1.6.3-beta-000627
1.6.3-beta-000629
1.6.3-beta-000630
1.6.3-beta-000631
1.6.3-beta-000633
1.6.3-beta-000634
1.6.3-beta-000638
1.6.3-beta-000643
1.6.3-beta-000648
1.6.3-beta-000651
1.6.3
1.6.4-beta-000654
1.6.4-beta-000656
1.6.4
1.6.5-beta-000773
1.6.5
1.6.6-beta-000775
1.6.6-beta-000776
1.6.6-beta-000778
1.6.6-beta-000781
1.6.6-beta-000782
1.6.6-beta-000784
1.6.6-beta-000786
1.6.6
1.6.7-beta-000823
1.6.7
1.6.8-beta-000841
1.6.8-beta-000843
1.6.8-beta-000846
1.6.8
1.6.9-beta-000874

2.*

2.0.0-rc001
2.0.0
2.0.1
2.0.2
2.1.0-rc
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13

8.*

8.0.0-beta-000646

9.*

9.0.0-beta-000584
9.0.0-beta-000611
9.0.0-beta-000617

10.*

10.0.0
10.0.1
10.0.2-rc
10.1.0-rc
10.1.0
10.1.1