UmbracoCMS.Core

NuGet2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting UmbracoCMS.Corepage 1 of 1

CVE-2020-7210MEDIUMCVSS 4.3EG 4.3✓ Fixed in 8.5.0
2020-01-23
vulnerable: 4.10.0 ... 8.4.2 (234 versions)
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
CVE-2020-9471HIGHCVSS 8.8EG 8.8
2020-03-16
vulnerable: 4.10.0 ... 8.5.3 (238 versions)
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.

Check whether UmbracoCMS.Core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for UmbracoCMS.Core CVEs against the assets you own.

Start Free Scan →