GHSA-9v8m-qv22-f268: Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact

Character limits configured by editors for short and long answer fields are validated only client-side, not server-side.

Patches

Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2

CVE-2025-23041 (GitHub Advisory Database, GitHub Reviewed)

Package

Umbraco.Forms (NuGet)

Affected versions

< 10.5.7

>= 11.0.0-rc1, < 13.2.2

>= 14.0.0-beta001, < 14.1.2

Patched versions

10.5.7

13.2.2

14.1.2

UmbracoForms (NuGet)

References

  • GHSA-9v8m-qv22-f268

Published to the GitHub Advisory Database

Jan 14, 2025

Last updated

Jan 14, 2025
