An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
[
{
"product": "Umbraco CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "<= 8.9.1 or current (unfixed)"
}
]
}
]