Lucene search
HistoryFeb 04, 2020 - 8:15 p.m.
CVE-2020-8123
denial of service
strapi
v3.0.0-beta.18.3
security vulnerability
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.3%
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
Affected configurations
Node
strapistrapiRange<3.0.0node.js
ORstrapistrapiMatch3.0.0alpha10.1node.js
ORstrapistrapiMatch3.0.0alpha10.2node.js
ORstrapistrapiMatch3.0.0alpha10.3node.js
ORstrapistrapiMatch3.0.0alpha11node.js
ORstrapistrapiMatch3.0.0alpha11.1node.js
ORstrapistrapiMatch3.0.0alpha11.2node.js
ORstrapistrapiMatch3.0.0alpha11.3node.js
ORstrapistrapiMatch3.0.0alpha12node.js
ORstrapistrapiMatch3.0.0alpha12.1node.js
ORstrapistrapiMatch3.0.0alpha12.1.3node.js
ORstrapistrapiMatch3.0.0alpha12.2node.js
ORstrapistrapiMatch3.0.0alpha12.3node.js
ORstrapistrapiMatch3.0.0alpha12.4node.js
ORstrapistrapiMatch3.0.0alpha12.5node.js
ORstrapistrapiMatch3.0.0alpha12.6node.js
ORstrapistrapiMatch3.0.0alpha12.7node.js
ORstrapistrapiMatch3.0.0alpha12.7.1node.js
ORstrapistrapiMatch3.0.0alpha13node.js
ORstrapistrapiMatch3.0.0alpha13.0.1node.js
ORstrapistrapiMatch3.0.0alpha13.1node.js
ORstrapistrapiMatch3.0.0alpha14node.js
ORstrapistrapiMatch3.0.0alpha14.1node.js
ORstrapistrapiMatch3.0.0alpha14.1.1node.js
ORstrapistrapiMatch3.0.0alpha14.2node.js
ORstrapistrapiMatch3.0.0alpha14.3node.js
ORstrapistrapiMatch3.0.0alpha14.4.0node.js
ORstrapistrapiMatch3.0.0alpha14.5node.js
ORstrapistrapiMatch3.0.0alpha15node.js
ORstrapistrapiMatch3.0.0alpha16node.js
ORstrapistrapiMatch3.0.0alpha17node.js
ORstrapistrapiMatch3.0.0alpha18node.js
ORstrapistrapiMatch3.0.0alpha19node.js
ORstrapistrapiMatch3.0.0alpha20node.js
ORstrapistrapiMatch3.0.0alpha21node.js
ORstrapistrapiMatch3.0.0alpha22node.js
ORstrapistrapiMatch3.0.0alpha23node.js
ORstrapistrapiMatch3.0.0alpha23.1node.js
ORstrapistrapiMatch3.0.0alpha24node.js
ORstrapistrapiMatch3.0.0alpha24.1node.js
ORstrapistrapiMatch3.0.0alpha25node.js
ORstrapistrapiMatch3.0.0alpha25.1node.js
ORstrapistrapiMatch3.0.0alpha25.2node.js
ORstrapistrapiMatch3.0.0alpha26node.js
ORstrapistrapiMatch3.0.0alpha26.1node.js
ORstrapistrapiMatch3.0.0alpha26.2node.js
ORstrapistrapiMatch3.0.0alpha4node.js
ORstrapistrapiMatch3.0.0alpha4.8node.js
ORstrapistrapiMatch3.0.0alpha5.3node.js
ORstrapistrapiMatch3.0.0alpha5.5node.js
ORstrapistrapiMatch3.0.0alpha6.3node.js
ORstrapistrapiMatch3.0.0alpha6.4node.js
ORstrapistrapiMatch3.0.0alpha6.7node.js
ORstrapistrapiMatch3.0.0alpha7.2node.js
ORstrapistrapiMatch3.0.0alpha7.3node.js
ORstrapistrapiMatch3.0.0alpha8node.js
ORstrapistrapiMatch3.0.0alpha8.3node.js
ORstrapistrapiMatch3.0.0alpha9node.js
ORstrapistrapiMatch3.0.0alpha9.1node.js
ORstrapistrapiMatch3.0.0alpha9.2node.js
ORstrapistrapiMatch3.0.0beta0node.js
ORstrapistrapiMatch3.0.0beta1node.js
ORstrapistrapiMatch3.0.0beta10node.js
ORstrapistrapiMatch3.0.0beta11node.js
ORstrapistrapiMatch3.0.0beta12node.js
ORstrapistrapiMatch3.0.0beta13node.js
ORstrapistrapiMatch3.0.0beta14node.js
ORstrapistrapiMatch3.0.0beta15node.js
ORstrapistrapiMatch3.0.0beta16node.js
ORstrapistrapiMatch3.0.0beta16.1node.js
ORstrapistrapiMatch3.0.0beta16.2node.js
ORstrapistrapiMatch3.0.0beta16.3node.js
ORstrapistrapiMatch3.0.0beta16.4node.js
ORstrapistrapiMatch3.0.0beta16.5node.js
ORstrapistrapiMatch3.0.0beta16.6node.js
ORstrapistrapiMatch3.0.0beta16.7node.js
ORstrapistrapiMatch3.0.0beta16.8node.js
ORstrapistrapiMatch3.0.0beta17node.js
ORstrapistrapiMatch3.0.0beta17.1node.js
ORstrapistrapiMatch3.0.0beta17.2node.js
ORstrapistrapiMatch3.0.0beta17.3node.js
ORstrapistrapiMatch3.0.0beta17.4node.js
ORstrapistrapiMatch3.0.0beta17.5node.js
ORstrapistrapiMatch3.0.0beta17.6node.js
ORstrapistrapiMatch3.0.0beta17.7node.js
ORstrapistrapiMatch3.0.0beta17.8node.js
ORstrapistrapiMatch3.0.0beta18node.js
ORstrapistrapiMatch3.0.0beta18.1node.js
ORstrapistrapiMatch3.0.0beta18.2node.js
ORstrapistrapiMatch3.0.0beta18.3node.js
ORstrapistrapiMatch3.0.0beta2node.js
ORstrapistrapiMatch3.0.0beta3node.js
ORstrapistrapiMatch3.0.0beta4node.js
ORstrapistrapiMatch3.0.0beta5node.js
ORstrapistrapiMatch3.0.0beta6node.js
ORstrapistrapiMatch3.0.0beta7node.js
ORstrapistrapiMatch3.0.0beta8node.js
ORstrapistrapiMatch3.0.0beta9node.js
| CPE | Name | Operator | Version |
|---|---|---|---|
| strapi:strapi | strapi | lt | 3.0.0 |
CNA Affected
[
{
"product": "Strapi",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v3.0.0-beta.18.4"
}
]
}
]References
Related
veracode
veracode
OS Command Injection
2020-02-05 04:10:53
osv
osv
Uncontrolled Resource Consumption in strapi
2021-12-10 17:22:01
CVE-2020-8123
2020-02-04 20:15:14
prion
prion
Denial of service
2020-02-04 20:15:00
hackerone
hackerone
cvelist
cvelist
CVE-2020-8123
2020-02-04 19:08:57
github
github
Uncontrolled Resource Consumption in strapi
2021-12-10 17:22:01
nvd
nvd
CVE-2020-8123
2020-02-04 20:15:14
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.3%
Related for CVE-2020-8123