CVE-2020-7685: Insecure Defaults
First published: Tue Jul 28 2020(Updated: )
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.
Credit: report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Umbraco Umbraco Forms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability in UmbracoForms?
UmbracoForms allows the upload of arbitrary file types when using the default configuration for upload forms.
How does UmbracoForms mitigate the vulnerability?
Users can create a custom workflow and frontend validation to block the upload of arbitrary file types.
Which versions of UmbracoForms are affected by this vulnerability?
All versions of UmbracoForms are affected by this vulnerability.
What is the severity of CVE-2020-7685?
The severity of CVE-2020-7685 is high with a CVSS score of 7.5.
Is there any reference for CVE-2020-7685?
Yes, you can find more information about CVE-2020-7685 at https://snyk.io/vuln/SNYK-DOTNET-UMBRACOFORMS-595765.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- agent/author
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/umbraco
- canonical/umbraco umbraco forms