Merge branch 'adbcurate/nuget_umbracoforms_CVE_2020_7685_yml' into 'master'

Add CVE-2020-7685 to umbracoforms See merge request !11482

Merge branch 'adbcurate/nuget_umbracoforms_CVE_2020_7685_yml' into 'master'
5d7cfd9b · Isaac Dawson · 51362449 · ba45ca38 · 5d7cfd9b
Commit 5d7cfd9b authored 3 years ago by Isaac Dawson
--- a/nuget/umbracoforms/CVE-2020-7685.yml
+++ b/nuget/umbracoforms/CVE-2020-7685.yml
+---
+identifier: "CVE-2020-7685"
+identifiers:
+- "CVE-2020-7685"
+package_slug: "nuget/umbracoforms"
+title: "Insecure Default Initialization of Resource"
+description: "This affects all versions of package UmbracoForms. When using the default
+  configuration for upload forms, it is possible to upload arbitrary file types. The
+  package offers a way for users to mitigate the issue. The users of this package
+  can create a custom workflow and frontend validation that blocks certain file types,
+  depending on their security needs and policies."
+date: "2020-07-29"
+pubdate: "2020-07-28"
+affected_range: "(,)"
+fixed_versions: []
+affected_versions: "All versions"
+not_impacted: ""
+solution: "Unfortunately, there is no solution available yet."
+urls:
+- "https://nvd.nist.gov/vuln/detail/CVE-2020-7685"
+- "https://snyk.io/vuln/SNYK-DOTNET-UMBRACOFORMS-595765"
+cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+uuid: "a3644340-a022-42cb-b74e-3e2471d8cab1"
+cwe_ids:
+- "CWE-1035"
+- "CWE-1188"
+- "CWE-937"