Published: 20 Aug 2024
Source: github
Github: Reviewed
CVSS4: 5.3
CVSS3: 4.3
Description
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Impact
Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode.
Explanation of the vulnerability
Management API endpoints leaked stack traces on internal server errors, even when the debug setting was disabled.
For example, when paging with negative numbers in some APIs.
Packages
Name: Umbraco.Cms.Api.Management (nuget)
Affected versions: >= 14.0.0, < 14.1.2
Fixed version: 14.1.2
Related vulnerabilities
CVSS3: 4.3
nvd
more than 1 year ago
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.