PT-2022-20481 · Unknown · Open Forms
Sergei-Maertens
Published: 2022-06-13 · Updated: 2022-06-23
CVE-2022-31041
CVSS v3.1: 7.6 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Open Forms versions prior to 1.0.9
Open Forms versions prior to 1.1.1
Description
Open Forms is an application for creating and publishing smart forms, supporting file uploads with configurable allowed file extensions. The input validation of uploaded files is insufficient, allowing users to alter or strip file extensions and bypass validation. This results in files being uploaded to the server with different file types than indicated by the file name extension, potentially leading to malicious files entering internal networks.
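To make the failure mode concrete, here is an added example (not Open Forms code, and not a reconstruction of its actual validator) that places an extension-only upload check beside a hardened one. The weak validator illustrates the two bypasses the description names: a file with its extension stripped slips through because there is nothing to compare, and a renamed file passes because only the name is inspected. The hardened validator requires an allowlisted extension and cross-checks it against the file's leading bytes. The allowlist, the magic-byte table and the sample uploads are all constructed for this example.

```python
"""
Added example, not Open Forms code: an extension-only upload validator
beside one that also checks the content against the declared extension.
ALLOWED_EXTENSIONS, MAGIC and the sample inputs are constructed here.
"""
import os
from typing import Tuple

# Constructed allowlist of the kind a form builder lets an admin configure.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "txt"}

# Leading bytes a file with the given extension is expected to start with
# (constructed table; covers the binary types in the allowlist).
MAGIC = {
    "pdf": [b"%PDF-"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
}


def _extension(filename: str) -> str:
    """Return the lower-cased final extension of the file name, or '' if none.
    basename() discards any path components; splitext() takes only the last
    suffix, so 'report.pdf.exe' yields 'exe', not 'pdf'."""
    return os.path.splitext(os.path.basename(filename))[1].lstrip(".").lower()


def weak_validate(filename: str) -> bool:
    """Hypothetical extension-only check of the insufficient kind the advisory
    describes. It never looks at the content, and a name with no extension is
    accepted because there is nothing to compare against the allowlist."""
    ext = _extension(filename)
    if not ext:
        return True  # stripped extension -> accepted (the flaw)
    return ext in ALLOWED_EXTENSIONS


def strong_validate(filename: str, data: bytes) -> Tuple[bool, str]:
    """Hardened check: the extension must be present and allowlisted, and the
    file's leading bytes must agree with what that extension implies."""
    ext = _extension(filename)
    if not ext:
        return False, "missing extension"
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    signatures = MAGIC.get(ext)
    if signatures is not None:
        if not any(data.startswith(sig) for sig in signatures):
            return False, "content does not match extension"
    else:
        # Text types have no signature: require decodable UTF-8 with no NUL bytes.
        if b"\x00" in data:
            return False, "binary content in text file"
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "content is not valid text"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads; "MZ" is the start of a Windows executable.
    samples = [
        ("report.pdf", b"%PDF-1.7\n%..."),
        ("payload", b"MZ\x90\x00"),          # extension stripped
        ("payload.pdf", b"MZ\x90\x00"),      # extension altered
        ("report.pdf.exe", b"MZ\x90\x00"),   # trailing extension is what counts
        ("notes.txt", "hello\n".encode()),
    ]
    for name, content in samples:
        print(f"{name:16} weak={weak_validate(name)!s:5} strong={strong_validate(name, content)}")
```

Running the block shows the divergence: `payload` and `payload.pdf` pass the weak check but are rejected by the hardened one, while `report.pdf` and `notes.txt` pass both. The magic-byte check only proves the file starts like the declared type; it is a cross-check on the extension, not a substitute for the scanning the recommendations mention.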
Recommendations
For versions prior to 1.0.9, update to version 1.0.9 or later to resolve the issue.
For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue.
As a temporary workaround, consider using an API gateway or intrusion detection solution in front of Open Forms to scan for and block malicious content before it reaches the application.
Exploit
Fix
Unrestricted File Upload
RCE
Related Identifiers
Affected Products
Open Forms