CVE-2020-9471: Unrestricted Upload of File with Dangerous Type

March 16, 2020 (updated March 19, 2020)

Umbraco Cloud allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.

References

gitlab.com/eLeN3Re/cve-2020-9471
nvd.nist.gov/vuln/detail/CVE-2020-9471

Detect and mitigate CVE-2020-9471 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →