{"vulnerability": "CVE-2020-26174", "sightings": [{"uuid": "8da93139-51d2-44d7-b3b7-00ec18d1c944", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26174", "type": "seen", "source": "https://t.me/cibsecurity/21051", "content": "\u203c CVE-2020-26174 \u203c\n\ntangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T12:46:43.000000Z"}]}