What is CVE-2022-31041?

CVE-2022-31041 is a high-severity vulnerability in Open-formulieren Open-forms, classified under Improper Input Validation. CVSS score: 7.6/10. Published 2022-06-13.

How severe is CVE-2022-31041?

High severity. CVSS v3 base score is 7.6 out of 10.

Arbitrary file upload in Open-formulieren Open-forms

CVE-2022-31041

Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. o…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (41.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L.

Affected products

Open-formulieren Open-forms — versions < 1.0.9, >= 1.1.0-rc0, < 1.1.1

Weakness classification (CWE)

References

github.com/open-formulieren/open-forms/security/advisories/GHSA-h85r-xv4w-cg8g (x_refsource_CONFIRM)
github.com/open-formulieren/open-forms/commit/0978a29e821a7228c5d46c0527c3e925e… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31041?: CVE-2022-31041 is a high-severity vulnerability in Open-formulieren Open-forms, classified under Improper Input Validation. CVSS score: 7.6/10. Published 2022-06-13.
How severe is CVE-2022-31041?: High severity. CVSS v3 base score is 7.6 out of 10.