Remote Code Execution (RCE) Affecting umbracoforms package, versions [8.7.0,8.7.6) [8.6.0,8.6.2) [8.5.0,8.5.7) [8.4.0,8.4.4) [8.3.0,8.3.4) [8.2.0,8.2.3) [8.1.0,8.1.6) [8.0.0,8.0.2) [7.5.0,7.5.4) [7.4.0,7.4.3) [7.3.0,7.3.2) [7.2.0,7.2.1) [7.1.0,7.1.4) [7.0.0,7.0.7) [6.0.0,6.0.10) [4.0.0,4.4.9)
Threat Intelligence
EPSS
1.68% (88th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DOTNET-UMBRACOFORMS-1569869
- published 26 Aug 2021
- disclosed 26 Aug 2021
- credit Gary O’Leary-Steele from AppCheck
Introduced: 26 Aug 2021
CVE-2021-37334 Open this link in a new tabHow to fix?
Upgrade UmbracoForms
to version 8.7.6, 8.6.2, 8.5.7, 8.4.4, 8.3.4, 8.2.3, 8.1.6, 8.0.2, 7.5.4, 7.4.3, 7.3.2, 7.2.1, 7.1.4, 7.0.7, 6.0.10, 4.4.9 or higher.
Overview
UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). A security issue in Umbraco Forms could lead to a remote code execution attack and/or arbitrary file deletion.
CVSS Scores
version 3.1