This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-DOTNET-UMBRACOFORMS-595765 | Third Party Advisory |
Configurations
History
02 Mar 2023, 15:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:umbraco:umbraco_forms:*:*:*:*:*:*:*:* |
Information
Published : 2020-07-28 17:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-7685
Mitre link : CVE-2020-7685
CVE.ORG link : CVE-2020-7685
JSON object : View
Products Affected
umbraco
- umbraco_forms
CWE
CWE-1188
Insecure Default Initialization of Resource