UmbracoCms
NuGet
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting UmbracoCms
- CVE-2020-29454 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 8.10.0 | 2020-12-02
vulnerable: 4.10.0 ... 8.9.3 (267 versions)
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
- CVE-2020-5811 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 8.9.2 | 2020-12-30
vulnerable: 4.10.0 ... 8.9.1 (264 versions)
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco…
- CVE-2020-9472 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 8.5.4 | 2020-03-16
vulnerable: 4.10.0 ... 8.5.3 (238 versions)
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
- CVE-2024-48927 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 8.18.15 | 2024-10-22
vulnerable: 8.0.0 ... 8.9.3 (107 versions)
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution f…