Vulnerabilities > CVE-2020-7685 - Insecure Default Initialization of Resource vulnerability in Umbraco Forms

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

umbraco

CWE-1188

NVD

Published: 2020-07-28

Updated: 2023-03-02

Summary

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.

Vulnerable Configurations

Part	Description	Count
Application	Umbraco Umbraco Umbraco Forms *	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://snyk.io/vuln/SNYK-DOTNET-UMBRACOFORMS-595765