Skip to content
Snippets Groups Projects
Commit 5d7cfd9b authored by Isaac Dawson's avatar Isaac Dawson
Browse files

Merge branch 'adbcurate/nuget_umbracoforms_CVE_2020_7685_yml' into 'master'

Add CVE-2020-7685 to umbracoforms

See merge request !11482
parents 51362449 ba45ca38
No related branches found
No related tags found
Loading
Pipeline #428797371 passed
---
identifier: "CVE-2020-7685"
identifiers:
- "CVE-2020-7685"
package_slug: "nuget/umbracoforms"
title: "Insecure Default Initialization of Resource"
description: "This affects all versions of package UmbracoForms. When using the default
configuration for upload forms, it is possible to upload arbitrary file types. The
package offers a way for users to mitigate the issue. The users of this package
can create a custom workflow and frontend validation that blocks certain file types,
depending on their security needs and policies."
date: "2020-07-29"
pubdate: "2020-07-28"
affected_range: "(,)"
fixed_versions: []
affected_versions: "All versions"
not_impacted: ""
solution: "Unfortunately, there is no solution available yet."
urls:
- "https://nvd.nist.gov/vuln/detail/CVE-2020-7685"
- "https://snyk.io/vuln/SNYK-DOTNET-UMBRACOFORMS-595765"
cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:N"
cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
uuid: "a3644340-a022-42cb-b74e-3e2471d8cab1"
cwe_ids:
- "CWE-1035"
- "CWE-1188"
- "CWE-937"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment