GHSA-h2vq-7gf2-qw9v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h2vq-7gf2-qw9v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h2vq-7gf2-qw9v/GHSA-h2vq-7gf2-qw9v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h2vq-7gf2-qw9v
- Aliases
- Published
- 2022-05-17T00:30:20Z
- Modified
- 2023-11-08T03:58:56.774535Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Umbraco CMS XXE Vulnerability
- Details
-
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to
Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs. - Database specific
{ "nvd_published_at": "2017-10-12T08:29:00Z", "cwe_ids": [ "CWE-611" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-26T23:13:52Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-15280
- https://github.com/umbraco/Umbraco-CMS/commit/5dde2efe0d2b3a47d17439e03acabb7ea2befb64
- https://github.com/umbraco/Umbraco-CMS
- https://github.com/umbraco/Umbraco-CMS/blob/release-7.7.3/src/Umbraco.Web/Umbraco.Web.csproj
- http://issues.umbraco.org/issue/U4-10506
Affected packages
NuGet / UmbracoCms.Web
Package
- Name
- UmbracoCms.Web
- View open source insights on deps.dev
- Purl
- pkg:nuget/UmbracoCms.Web