CVE-2020-9472: Unrestricted Upload of File with Dangerous Type

March 16, 2020 (updated March 19, 2020)

Umbraco CMS allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

References

gitlab.com/eLeN3Re/cve-2020-9472
nvd.nist.gov/vuln/detail/CVE-2020-9472

Detect and mitigate CVE-2020-9472 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →