Medium severity 5.5 · GHSA Advisory · Published Apr 24, 2024 · Updated Apr 15, 2026
CVE-2024-32872
Description
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, and 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Umbraco.Workflow (NuGet) | < 10.3.9 | 10.3.9 |
| Umbraco.Workflow (NuGet) | >= 11.0.0-rc1, < 12.2.6 | 12.2.6 |
| Umbraco.Workflow (NuGet) | >= 13.0.0-rc1, < 13.0.6 | 13.0.6 |
| Plumber.Workflow (NuGet) | < 10.1.2 | 10.1.2 |