CVE-2020-5811: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

December 30, 2020 (updated October 18, 2021)

An authenticated path traversal vulnerability exists during package installation in Umbraco CMS, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.

References

packetstormsecurity.com/files/163965/Umbraco-CMS-8.9.1-Traversal-Arbitrary-File-Write.html
nvd.nist.gov/vuln/detail/CVE-2020-5811
www.tenable.com/security/research/tra-2020-59

Code Behaviors & Features

Detect and mitigate CVE-2020-5811 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →