GitHub Advisory Database: GHSA-65WV-528R-M892
History: May 24, 2022 - 5:21 p.m.

Improper Input Validation in strapi

2022-05-24 17:21:16
CWE-20
strapi
input validation
remote attack

EPSS: 0.001 (percentile: 44.4%)

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitization. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.

Affected configurations

Node: strapi strapi, range <3.0.2

Vendor | Product | Version | CPE
strapi | strapi | * | cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*
