GHSA-5955-cwv4-h7qh

Source

https://github.com/advisories/GHSA-5955-cwv4-h7qh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-5955-cwv4-h7qh/GHSA-5955-cwv4-h7qh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5955-cwv4-h7qh

Aliases

CVE-2024-48927

Published

2024-10-22T18:12:38Z

Modified

2024-10-22T19:33:43.446221Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

Details

Impact

There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode.

Workarounds

Server-side file validation is available to strip script tags from file's content during the file upload process.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-74"
    ],
    "nvd_published_at": "2024-10-22T16:15:08Z",
    "github_reviewed_at": "2024-10-22T18:12:38Z"
}

References

Affected packages

NuGet / UmbracoCms

Package

Name: UmbracoCms; View open source insights on deps.dev
Purl: pkg:nuget/UmbracoCms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.18.15

Affected versions

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.2.0-rc

8.2.0

8.2.1

8.2.2

8.2.3

8.3.0

8.3.1

8.4.0-rc

8.4.0

8.4.1

8.4.2

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.6.0-rc

8.6.0

8.6.1

8.6.2

8.6.3

8.6.4

8.6.5

8.6.6

8.6.7

8.6.8

8.7.0-rc

8.7.0

8.7.1

8.7.2

8.7.3

8.8.0-rc

8.8.0

8.8.1

8.8.2

8.8.3

8.8.4

8.9.0-rc

8.9.0

8.9.1

8.9.2

8.9.3

8.10.0-rc

8.10.0

8.10.1

8.10.2

8.10.3

8.11.0-rc

8.11.0

8.11.1

8.11.2

8.11.3

8.12.0-rc

8.12.0

8.12.1

8.12.2

8.12.3

8.13.0-rc

8.13.0

8.13.1

8.14.0-rc

8.14.0

8.14.1

8.14.2

8.14.3

8.14.4

8.15.0-rc

8.15.0

8.15.1

8.15.2

8.15.3

8.16.0-rc

8.16.0

8.17.0-rc

8.17.0-rc2

8.17.0

8.17.1

8.17.2

8.18.0-rc

8.18.0-rc2

8.18.0

8.18.1

8.18.2

8.18.3

8.18.4

8.18.5

8.18.6

8.18.7

8.18.8

8.18.9

8.18.10

8.18.11

8.18.12

8.18.13

8.18.14

NuGet / Umbraco.Cms

Package

Name: Umbraco.Cms; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.0.0

Fixed

10.8.7

Affected versions

10.*

10.0.0

10.0.1

10.1.0-rc

10.1.0-rc2

10.1.0

10.1.1

10.2.0-rc

10.2.0

10.2.1

10.3.0-rc

10.3.0

10.3.1

10.3.2

10.4.0-rc

10.4.0

10.4.1

10.4.2

10.5.0-rc

10.5.0

10.5.1

10.6.0-rc

10.6.0

10.6.1

10.7.0-rc

10.7.0

10.8.0-rc

10.8.0

10.8.1

10.8.2

10.8.3

10.8.4

10.8.5

10.8.6

NuGet / Umbraco.Cms

Package

Name: Umbraco.Cms; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13.0.0

Fixed

13.5.2

Affected versions

13.*

13.0.0

13.0.1

13.0.2

13.0.3

13.1.0-rc

13.1.0

13.1.1

13.2.0-rc

13.2.0

13.2.1

13.2.2

13.3.0-rc

13.3.0

13.3.1

13.3.2

13.4.0-rc

13.4.0-rc2

13.4.0

13.4.1

13.5.0-rc

13.5.0

13.5.1