Описание
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
Impact
Via a manipulated API request it's possible to upload a file that doesn't adhere with the configured allowable file extensions.
Patches
Patched in 15.4.2 and 16.0.0.
Workarounds
None available.
Пакеты
Наименование
Umbraco.Cms
nuget
Затронутые версииВерсия исправления
>= 14.0.0, <= 15.4.1
15.4.2
Связанные уязвимости
CVSS3: 5.5
nvd
8 месяцев назад
Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0.0. No known workarounds are available.