High severityNVD Advisory· Published Jul 28, 2020· Updated Sep 16, 2024

Insecure Defaults

CVE-2020-7685

Description

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
UmbracoFormsNuGet	<= 8.4.1	—

Affected products

UmbracoForms/UmbracoFormsdescription
ghsa-coords
pkg:nuget/umbracoforms
Range: <= 8.4.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-8m73-w2r2-6xxjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-7685ghsaADVISORY
snyk.io/vuln/SNYK-DOTNET-UMBRACOFORMS-595765ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000