GHSA-8m73-w2r2-6xxj

Source
https://github.com/advisories/GHSA-8m73-w2r2-6xxj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-8m73-w2r2-6xxj/GHSA-8m73-w2r2-6xxj.json
Aliases
  • CVE-2020-7685
Published
2020-07-29T17:29:51Z
Modified
2023-11-08T04:04:04.705856Z
Details

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.

References

Affected packages

NuGet / UmbracoForms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Last affected
8.4.1

Affected versions

4.*

4.0.0
4.0.1-Build111
4.0.1
4.0.2
4.0.3
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2.1
4.2.2
4.3.0-beta
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.1.0
7.1.1
7.1.2
7.1.3
7.1.4
7.2.0
7.2.1
7.3.0
7.3.1
7.3.2
7.4.0
7.4.1
7.4.2
7.4.3
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.5.7
7.5.8
7.5.9
7.5.10

8.*

8.0.0
8.0.1
8.0.2
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.3.2
8.3.3
8.3.4
8.4.0
8.4.1