GHSA-936x-wgqv-hhgq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-936x-wgqv-hhgq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-936x-wgqv-hhgq/GHSA-936x-wgqv-hhgq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-936x-wgqv-hhgq
- Aliases
- Published
- 2021-04-13T15:51:33Z
- Modified
- 2023-11-08T04:03:56.505399Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Authenticated path traversal in Umbraco CMS
- Details
-
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
- Database specific
{ "nvd_published_at": "2020-12-30T16:15:00Z", "github_reviewed_at": "2021-04-06T23:37:56Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-22" ] }- References
Affected packages
NuGet / UmbracoCms
Package
- Name
- UmbracoCms
- View open source insights on deps.dev
- Purl
- pkg:nuget/UmbracoCms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.9.2
Affected versions
4.*
4.7.2
4.8.0-beta
4.8.0
4.8.1
4.9.0
4.9.1
4.10.0-beta
4.10.0-rc
4.10.0
4.10.1
4.10.1.1
4.11.0
4.11.1
4.11.2
4.11.2.1
4.11.2.2
4.11.2.3
4.11.3
4.11.3.1
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.11.10
6.*
6.0.0-beta
6.0.0-RC
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.7.1
6.1.0-beta
6.1.0-beta-2
6.1.0
6.1.1
6.1.2
6.1.2.1
6.1.2.2
6.1.3
6.1.4
6.1.5
6.1.6
6.2.0-RC
6.2.0
6.2.0.1-RC
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
7.*
7.0.0-alpha
7.0.0-beta
7.0.0-RC
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.1.0-RC
7.1.0
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.1.7
7.1.8
7.1.9
7.1.10
7.2.0-beta
7.2.0-beta2
7.2.0-RC
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5-RC
7.2.5
7.2.6
7.2.7
7.2.8
7.2.9
7.3.0-beta
7.3.0-beta2
7.3.0-beta3
7.3.0-RC
7.3.0
7.3.1
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8
7.3.9
7.4.0-beta
7.4.0-beta2
7.4.0-RC1
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0-beta
7.5.0-beta2
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.5.7
7.5.8
7.5.9
7.5.10
7.5.11
7.5.12
7.5.13
7.5.14
7.5.15
7.6.0-beta
7.6.0-RC
7.6.0
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.6.9
7.6.10
7.6.11
7.6.12
7.6.13
7.6.14
7.7.0-beta
7.7.0
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.7.6
7.7.7
7.7.8
7.7.9
7.7.10
7.7.11
7.7.12
7.7.13
7.7.14
7.8.0-beta
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.6
7.9.7
7.10.0
7.10.1
7.10.2
7.10.3
7.10.4
7.10.5
7.10.6
7.11.0
7.11.1
7.11.2
7.11.3
7.12.0
7.12.1
7.12.2
7.12.3
7.12.4
7.12.5
7.13.0
7.13.1
7.13.2
7.13.3
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.15.6
7.15.7
7.15.8
7.15.9
7.15.10
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.2.0-rc
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.4.0-rc
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.6.0-rc
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.7.0-rc
8.7.0
8.7.1
8.7.2
8.7.3
8.8.0-rc
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4
8.9.0-rc
8.9.0
8.9.1