{"id":"CVE-2020-19138","details":"Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component \"/src/main/java/com/dotmarketing/filters/CMSFilter.java\".","modified":"2026-04-10T04:24:03.856501Z","published":"2021-09-08T21:15:09.437Z","references":[{"type":"FIX","url":"https://github.com/dotCMS/core/issues/17796"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotcms/core","events":[{"introduced":"0"},{"last_affected":"367cf23d04b8bd3496c4dbbf2413408dbe9f294c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.2.3"}]}}],"versions":["3.0","3.5","3.5_Preview01","3.5_Preview02","3.6.0","5.2.0","5.2.1","5.2.3","pre3.5buildrevert"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19138.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}