Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

Published

2024-08-20T15:15:23.277

Last Modified

2024-08-26T18:24:06.530

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-209
Type: Primary
CWE-209

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	umbraco	umbraco_cms	< 14.1.2	Yes

References

https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004 Patch ([email protected])
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx Vendor Advisory ([email protected])