MEDIUM 4.6 NuGet

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

GHSA-5955-cwv4-h7qh · CVE-2024-48927


Description

Impact

There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode.

Workarounds

Server-side file validation is available to strip script tags from the file's content during the file upload process.
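
The kind of upload-time check the workaround describes, as an added stand-alone C# example (not Umbraco's code and not part of the advisory). `SvgSanitizer` and its members are hypothetical names, and the example goes beyond the advisory's "script tags" by also removing `foreignObject`, `on*` handler attributes and `javascript:` links, which is an assumption about what else should be treated as active content.

```csharp
// Added example: hypothetical SvgSanitizer, not an Umbraco API.
using System;
using System.IO;
using System.Linq;
using System.Text;
using System.Xml;
using System.Xml.Linq;

public static class SvgSanitizer
{
    // Returns the SVG with active content removed, or null when the upload should be
    // rejected: not well-formed XML, carries a DTD, or the root element is not <svg>.
    public static string? Sanitize(Stream upload)
    {
        var settings = new XmlReaderSettings
        { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }; // no entities, no fetches
        XDocument doc;
        try { using var reader = XmlReader.Create(upload, settings); doc = XDocument.Load(reader); }
        catch (XmlException) { return null; }
        if (doc.Root is null || !Is(doc.Root.Name, "svg")) return null;

        // The step the advisory names: drop every <script> element, whatever its namespace.
        // <foreignObject> is removed too (assumption) because it can embed HTML.
        doc.Root.Descendants()
            .Where(e => Is(e.Name, "script") || Is(e.Name, "foreignObject"))
            .ToList().ForEach(e => e.Remove());
        // Attributes on the root count as well, hence DescendantsAndSelf.
        doc.Root.DescendantsAndSelf().Attributes().Where(IsActive)
            .ToList().ForEach(a => a.Remove());
        return doc.ToString(SaveOptions.DisableFormatting);
    }

    private static bool Is(XName name, string local) =>
        string.Equals(name.LocalName, local, StringComparison.OrdinalIgnoreCase);

    private static bool IsActive(XAttribute a)
    {
        if (a.IsNamespaceDeclaration) return false;
        string name = a.Name.LocalName;
        // Whitespace and control characters are ignored before the scheme comparison.
        string value = new string(a.Value.Where(c => !char.IsWhiteSpace(c) && !char.IsControl(c)).ToArray());
        return name.StartsWith("on", StringComparison.OrdinalIgnoreCase)
            || (name == "href" && value.StartsWith("javascript:", StringComparison.OrdinalIgnoreCase));
    }

    public static void Main()
    {
        // Constructed sample upload; x() and y() are placeholders.
        const string sample = "<svg xmlns=\"http://www.w3.org/2000/svg\" onload=\"x()\">" +
            "<script>y()</script><circle r=\"4\"/></svg>";
        using var ms = new MemoryStream(Encoding.UTF8.GetBytes(sample));
        Console.WriteLine(Sanitize(ms));
    }
}
```

Store the re-serialized string returned by `Sanitize`, not the original upload bytes, so that what is later previewed is exactly what was checked.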
