CVE-2020-29441: Malicious File Upload
First published: Mon Nov 30 2020(Updated: )
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Outsystems Outsystems | >=10<10.0.1019.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-29441?
The severity of CVE-2020-29441 is high with a CVSS base score of 6.5.
How does CVE-2020-29441 affect OutSystems Platform?
CVE-2020-29441 allows an unauthenticated attacker to upload arbitrary files and may consume the available database space (Denial of Service) or corrupt legitimate data if files are being processed asynchronously.
What version of OutSystems Platform is affected by CVE-2020-29441?
OutSystems Platform 10 before version 10.0.1019.0 is affected by CVE-2020-29441.
Is there a fix available for CVE-2020-29441?
Yes, upgrading to OutSystems Platform version 10.0.1019.0 or later will fix CVE-2020-29441.
Where can I find more information about CVE-2020-29441?
More information about CVE-2020-29441 can be found at the following URL: https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RPD-4310
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/outsystems
- canonical/outsystems outsystems
- version/outsystems outsystems/10