GHSA-j66f-h9hm-975m

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-j66f-h9hm-975m/GHSA-j66f-h9hm-975m.json
Aliases
  • CVE-2020-9472
Published
2021-08-02T17:38:56Z
Modified
2022-08-15T08:29:24.959943Z
Details

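Umbraco CMS 8.5.3 allows a file upload by an authenticated user (and consequently Remote Code Execution) via the Install Package functionality. Although the description names only 8.5.3, the affected range recorded below starts at the first release and ends at the fix in 8.5.4, so every listed UmbracoCms version up to and including 8.5.3 should be treated as affected and upgraded to 8.5.4 or later.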

References

Affected packages

NuGet / UmbracoCms

UmbracoCms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
8.5.4

Affected versions

4.*

4.10.0
4.10.0-beta
4.10.0-rc
4.10.1
4.10.1.1
4.11.0
4.11.1
4.11.10
4.11.2
4.11.2.1
4.11.2.2
4.11.2.3
4.11.3
4.11.3.1
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.7.2
4.8.0
4.8.0-beta
4.8.1
4.9.0
4.9.1

6.*

6.0.0
6.0.0-RC
6.0.0-beta
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.7.1
6.1.0
6.1.0-beta
6.1.0-beta-2
6.1.1
6.1.2
6.1.2.1
6.1.2.2
6.1.3
6.1.4
6.1.5
6.1.6
6.2.0
6.2.0-RC
6.2.0.1-RC
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6

7.*

7.0.0
7.0.0-RC
7.0.0-alpha
7.0.0-beta
7.0.1
7.0.2
7.0.3
7.0.4
7.1.0
7.1.0-RC
7.1.1
7.1.10
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.1.7
7.1.8
7.1.9
7.10.0
7.10.1
7.10.2
7.10.3
7.10.4
7.10.5
7.10.6
7.11.0
7.11.1
7.11.2
7.11.3
7.12.0
7.12.1
7.12.2
7.12.3
7.12.4
7.12.5
7.13.0
7.13.1
7.13.2
7.13.3
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.15.6
7.15.7
7.2.0
7.2.0-RC
7.2.0-beta
7.2.0-beta2
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.5-RC
7.2.6
7.2.7
7.2.8
7.2.9
7.3.0
7.3.0-RC
7.3.0-beta
7.3.0-beta2
7.3.0-beta3
7.3.1
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8
7.3.9
7.4.0
7.4.0-RC1
7.4.0-beta
7.4.0-beta2
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.5.0-beta
7.5.0-beta2
7.5.1
7.5.10
7.5.11
7.5.12
7.5.13
7.5.14
7.5.15
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.5.7
7.5.8
7.5.9
7.6.0
7.6.0-RC
7.6.0-beta
7.6.1
7.6.10
7.6.11
7.6.12
7.6.13
7.6.14
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.6.9
7.7.0
7.7.0-beta
7.7.1
7.7.10
7.7.11
7.7.12
7.7.13
7.7.14
7.7.2
7.7.3
7.7.4
7.7.5
7.7.6
7.7.7
7.7.8
7.7.9
7.8.0
7.8.0-beta
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.6
7.9.7

8.*

8.0.0
8.0.1
8.0.2
8.0.3
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.2.0
8.2.0-rc
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.4.0
8.4.0-rc
8.4.1
8.4.2
8.5.0
8.5.1
8.5.2
8.5.3

Database specific

{
    "last_known_affected_version_range": "<= 8.5.3"
}