React2Shell Update: Critical in-the-wild React.js vulnerability exposes apps to remote code execution. Learn More

Bring Sonatype intelligence to your IDE and AI workflows with the Sonatype MCP server.
Discover, assess, and secure your open source components with confidence.
From selecting the best versions to identifying vulnerabilities, ensuring license compliance, and receiving real-time remediation guidance,
everything you need to build safer software, faster. Get setup now

Vulnerability

CVE-2021-33224

Report advisory or correction

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

References

https://our.umbraco.com/packages/developer-tools/umbraco-forms

https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/

https://github.com/advisories/GHSA-74cc-qrjm-qwjc

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33224

[CVE-2021-33224] CWE-434: Unrestricted Upload of File with Dangerous Type

Description

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.

See UmbracoForms package information