CVE-2020-13961
- EPSS 0.62%
- Veröffentlicht 19.06.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:02:14
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerabi...
CVE-2020-8123
- EPSS 0.63%
- Veröffentlicht 04.02.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 05:38:20
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
- EPSS 81.6%
- Veröffentlicht 05.12.2019 20:15:10
- Zuletzt bearbeitet 21.11.2024 04:35:03
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to b...
CVE-2019-18818
- EPSS 94.05%
- Veröffentlicht 07.11.2019 22:15:10
- Zuletzt bearbeitet 21.11.2024 04:33:38
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.