PT-2020-17164 · Outsystems · Outsystems Platform

Published: 2020-11-30 · Updated: 2020-12-04 · CVE-2020-29441

CVSS v3.1: 7.2 (High)

Vector: AC:L/AV:N/A:L/C:N/I:L/PR:N/S:C/UI:N
Name of the Vulnerable Software and Affected Versions: OutSystems Platform 10 versions prior to 10.0.1019.0
Description: An issue in the Upload Widget allows an unauthenticated attacker to upload arbitrary files. This can lead to a Denial of Service by consuming available database space, corrupt legitimate data if files are processed asynchronously, or deny access to legitimate uploaded files.
Recommendations: For OutSystems Platform 10 versions prior to 10.0.1019.0, update to version 10.0.1019.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Upload Widget to prevent arbitrary file uploads until a patch is applied.

Fix · DoS · Unrestricted File Upload


Weakness Enumeration

Related Identifiers: CVE-2020-29441

Affected Products: Outsystems Platform