MEDIUM 6.5
GHSA-j66f-h9hm-975m
Unrestricted Upload of File with Dangerous Type in Umbraco CMS
Details
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / UmbracoCms
Introduced in:
0 Fixed in: 8.5.4 Fix
dotnet add package UmbracoCms --version 8.5.4