CVE-2020-9471: Unrestricted Upload of File with Dangerous Type

May 24, 2022 (updated July 13, 2023)

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.

References

github.com/advisories/GHSA-h68c-4jh3-cp9j
gitlab.com/eLeN3Re/cve-2020-9471
gitlab.com/eLeN3Re/cve-2020-9472/-/blob/master/CVE-2020-9472.pdf
nvd.nist.gov/vuln/detail/CVE-2020-9471

Code Behaviors & Features

Detect and mitigate CVE-2020-9471 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →