GHSA-j66f-h9hm-975m

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-j66f-h9hm-975m/GHSA-j66f-h9hm-975m.json

Aliases

CVE-2020-9472

Published

2021-08-02T17:38:56Z

Modified

2022-08-15T08:29:24.959943Z

Details

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

References

Affected packages

NuGet / UmbracoCms

UmbracoCms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

8.5.4

Affected versions

4.*

4.10.0

4.10.0-beta

4.10.0-rc

4.10.1

4.10.1.1

4.11.0

4.11.1

4.11.10

4.11.2

4.11.2.1

4.11.2.2

4.11.2.3

4.11.3

4.11.3.1

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.7.2

4.8.0

4.8.0-beta

4.8.1

4.9.0

4.9.1

6.*

6.0.0

6.0.0-RC

6.0.0-beta

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.7.1

6.1.0

6.1.0-beta

6.1.0-beta-2

6.1.1

6.1.2

6.1.2.1

6.1.2.2

6.1.3

6.1.4

6.1.5

6.1.6

6.2.0

6.2.0-RC

6.2.0.1-RC

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

7.*

7.0.0

7.0.0-RC

7.0.0-alpha

7.0.0-beta

7.0.1

7.0.2

7.0.3

7.0.4

7.1.0

7.1.0-RC

7.1.1

7.1.10

7.1.2

7.1.3

7.1.4

7.1.5

7.1.6

7.1.7

7.1.8

7.1.9

7.10.0

7.10.1

7.10.2

7.10.3

7.10.4

7.10.5

7.10.6

7.11.0

7.11.1

7.11.2

7.11.3

7.12.0

7.12.1

7.12.2

7.12.3

7.12.4

7.12.5

7.13.0

7.13.1

7.13.2

7.13.3

7.14.0

7.14.1

7.15.0

7.15.1

7.15.2

7.15.3

7.15.4

7.15.5

7.15.6

7.15.7

7.2.0

7.2.0-RC

7.2.0-beta

7.2.0-beta2

7.2.1

7.2.2

7.2.3

7.2.4

7.2.5

7.2.5-RC

7.2.6

7.2.7

7.2.8

7.2.9

7.3.0

7.3.0-RC

7.3.0-beta

7.3.0-beta2

7.3.0-beta3

7.3.1

7.3.2

7.3.3

7.3.4

7.3.5

7.3.6

7.3.7

7.3.8

7.3.9

7.4.0

7.4.0-RC1

7.4.0-beta

7.4.0-beta2

7.4.1

7.4.2

7.4.3

7.4.4

7.5.0

7.5.0-beta

7.5.0-beta2

7.5.1

7.5.10

7.5.11

7.5.12

7.5.13

7.5.14

7.5.15

7.5.2

7.5.3

7.5.4

7.5.5

7.5.6

7.5.7

7.5.8

7.5.9

7.6.0

7.6.0-RC

7.6.0-beta

7.6.1

7.6.10

7.6.11

7.6.12

7.6.13

7.6.14

7.6.2

7.6.3

7.6.4

7.6.5

7.6.6

7.6.7

7.6.8

7.6.9

7.7.0

7.7.0-beta

7.7.1

7.7.10

7.7.11

7.7.12

7.7.13

7.7.14

7.7.2

7.7.3

7.7.4

7.7.5

7.7.6

7.7.7

7.7.8

7.7.9

7.8.0

7.8.0-beta

7.8.1

7.8.2

7.8.3

7.8.4

7.9.0

7.9.1

7.9.2

7.9.3

7.9.4

7.9.5

7.9.6

7.9.7

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.2.0

8.2.0-rc

8.2.1

8.2.2

8.2.3

8.3.0

8.3.1

8.4.0

8.4.0-rc

8.4.1

8.4.2

8.5.0

8.5.1

8.5.2

8.5.3

Database specific

{
    "last_known_affected_version_range": "<= 8.5.3"
}