GHSA-j66f-h9hm-975m

Source

https://github.com/advisories/GHSA-j66f-h9hm-975m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-j66f-h9hm-975m/GHSA-j66f-h9hm-975m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j66f-h9hm-975m

Aliases

CVE-2020-9472

Published

2021-08-02T17:38:56Z

Modified

2023-11-08T04:04:20.561812Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Unrestricted Upload of File with Dangerous Type in Umbraco CMS

Details

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Database specific

{
    "nvd_published_at": "2020-03-16T20:15:00Z",
    "github_reviewed_at": "2021-05-04T21:16:07Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-434"
    ]
}

References

Affected packages

NuGet / UmbracoCms

Package

Name: UmbracoCms; View open source insights on deps.dev
Purl: pkg:nuget/UmbracoCms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.4

Affected versions

4.*

4.7.2

4.8.0-beta

4.8.0

4.8.1

4.9.0

4.9.1

4.10.0-beta

4.10.0-rc

4.10.0

4.10.1

4.10.1.1

4.11.0

4.11.1

4.11.2

4.11.2.1

4.11.2.2

4.11.2.3

4.11.3

4.11.3.1

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.11.10

6.*

6.0.0-beta

6.0.0-RC

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.7.1

6.1.0-beta

6.1.0-beta-2

6.1.0

6.1.1

6.1.2

6.1.2.1

6.1.2.2

6.1.3

6.1.4

6.1.5

6.1.6

6.2.0-RC

6.2.0

6.2.0.1-RC

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

7.*

7.0.0-alpha

7.0.0-beta

7.0.0-RC

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.1.0-RC

7.1.0

7.1.1

7.1.2

7.1.3

7.1.4

7.1.5

7.1.6

7.1.7

7.1.8

7.1.9

7.1.10

7.2.0-beta

7.2.0-beta2

7.2.0-RC

7.2.0

7.2.1

7.2.2

7.2.3

7.2.4

7.2.5-RC

7.2.5

7.2.6

7.2.7

7.2.8

7.2.9

7.3.0-beta

7.3.0-beta2

7.3.0-beta3

7.3.0-RC

7.3.0

7.3.1

7.3.2

7.3.3

7.3.4

7.3.5

7.3.6

7.3.7

7.3.8

7.3.9

7.4.0-beta

7.4.0-beta2

7.4.0-RC1

7.4.0

7.4.1

7.4.2

7.4.3

7.4.4

7.5.0-beta

7.5.0-beta2

7.5.0

7.5.1

7.5.2

7.5.3

7.5.4

7.5.5

7.5.6

7.5.7

7.5.8

7.5.9

7.5.10

7.5.11

7.5.12

7.5.13

7.5.14

7.5.15

7.6.0-beta

7.6.0-RC

7.6.0

7.6.1

7.6.2

7.6.3

7.6.4

7.6.5

7.6.6

7.6.7

7.6.8

7.6.9

7.6.10

7.6.11

7.6.12

7.6.13

7.6.14

7.7.0-beta

7.7.0

7.7.1

7.7.2

7.7.3

7.7.4

7.7.5

7.7.6

7.7.7

7.7.8

7.7.9

7.7.10

7.7.11

7.7.12

7.7.13

7.7.14

7.8.0-beta

7.8.0

7.8.1

7.8.2

7.8.3

7.8.4

7.9.0

7.9.1

7.9.2

7.9.3

7.9.4

7.9.5

7.9.6

7.9.7

7.10.0

7.10.1

7.10.2

7.10.3

7.10.4

7.10.5

7.10.6

7.11.0

7.11.1

7.11.2

7.11.3

7.12.0

7.12.1

7.12.2

7.12.3

7.12.4

7.12.5

7.13.0

7.13.1

7.13.2

7.13.3

7.14.0

7.14.1

7.15.0

7.15.1

7.15.2

7.15.3

7.15.4

7.15.5

7.15.6

7.15.7

7.15.8

7.15.9

7.15.10

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.2.0-rc

8.2.0

8.2.1

8.2.2

8.2.3

8.3.0

8.3.1

8.4.0-rc

8.4.0

8.4.1

8.4.2

8.5.0

8.5.1

8.5.2

8.5.3

Database specific

{
    "last_known_affected_version_range": "<= 8.5.3"
}