CVE-2024-32872 Information

Description

Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, and 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.

Reference

https://github.com/umbraco/Umbraco.Workflow.Issues/security/advisories/GHSA-287f-46j7-j4wh
