CVE-2020-9309: Unrestricted Upload of File with Dangerous Type

July 15, 2020 (updated July 24, 2020)

Silverstripe CMS can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents.

References

nvd.nist.gov/vuln/detail/CVE-2020-9309
www.silverstripe.org/download/security-releases/CVE-2020-9309

Detect and mitigate CVE-2020-9309 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →