Lucene search

K
osvGoogleOSV:GHSA-8M73-W2R2-6XXJ
HistoryJul 29, 2020 - 5:29 p.m.

Insecure defaults in UmbracoForms

2020-07-2917:29:51
Google
osv.dev
9

EPSS

0.001

Percentile

35.9%

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.

EPSS

0.001

Percentile

35.9%

Related for OSV:GHSA-8M73-W2R2-6XXJ