Количество 2
Количество 2
CVE-2023-49089
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.
GHSA-6324-52pr-h4p5
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-49089 Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue. | CVSS3: 7.7 | 0% Низкий | около 2 лет назад |
| GHSA-6324-52pr-h4p5 Using the directory back payload (“/../”) in a package name allows placement of package in other folders. | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу