PT-2024-30538 · Umbraco · Umbraco

Bergmania · Published 2024-08-20 · Updated 2024-08-26 · CVE-2024-43376

CVSS v4.0: 5.3 Medium

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 14.1.2

Description: In Umbraco, an ASP.NET CMS, some Management API endpoints can return stack trace information even when Umbraco is not in debug mode. This can occur, for example, when paging with negative numbers in some APIs: the resulting internal server error response includes the stack trace even though the debug setting is disabled.

Recommendations: Update to version 14.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the Management API endpoints that leak stack trace information until the update can be applied.
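To find which endpoints need the temporary restriction, recorded responses from your own instance (proxy or gateway logs) can be scanned for .NET stack frames in 5xx bodies. This is an added example, not code from the advisory or from Umbraco; the paths, parameter names and response bodies are constructed placeholders.

```python
import json
import re

# One .NET stack frame: "at Namespace.Type.Method(args) in /path/File.cs:line 42"
FRAME = re.compile(r"\bat\s+[\w.`<>\[\]+]+\([^)]*\)(?:\s+in\s+\S.*?:line\s+\d+)?")
# Exception type name such as "System.ArgumentOutOfRangeException"
EXC = re.compile(r"\b(?:[A-Z]\w*\.)+\w*Exception\b")


def _strings(node):
    """Yield every string value nested inside a decoded JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)


def leaks_stack_trace(status, body):
    """True when a 5xx response body carries .NET stack frames."""
    if status < 500:
        return False
    try:
        blob = "\n".join(_strings(json.loads(body)))
    except ValueError:
        blob = body  # not JSON: scan the raw text
    frames = FRAME.findall(blob)
    return len(frames) >= 2 or (len(frames) == 1 and bool(EXC.search(blob)))


def leaking_endpoints(records):
    """Return sorted paths (query stripped) whose responses leak a trace."""
    return sorted({path.split("?")[0] for path, status, body in records
                   if leaks_stack_trace(status, body)})


# Constructed sample records (path, status, body); paths and names are hypothetical.
TRACE = ("System.ArgumentOutOfRangeException: skip must not be negative\n"
         "   at Example.Paging.Apply(Int32 skip, Int32 take) in /src/Paging.cs:line 12\n"
         "   at Example.ItemsController.Get(Int32 skip, Int32 take)")
SAMPLES = [
    ("/hypothetical/api/items?skip=-1&take=10", 500, json.dumps({"title": "Error", "stackTrace": TRACE})),
    ("/hypothetical/api/items?skip=0&take=10", 200, json.dumps({"total": 0, "items": []})),
    ("/hypothetical/api/users?skip=-1", 500, json.dumps({"title": "Internal Server Error", "status": 500})),
    ("/hypothetical/api/media?skip=-5", 500, TRACE),
]
```

After updating to 14.1.2, the same scan over fresh responses should return an empty list for the previously flagged paths.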

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2024-43376
GHSA-77GJ-CRHP-3GVX

Affected Products

Umbraco