332 matches found

OSV
added 2022/09/28 12:0 a.m. · 14 views

GHSA-4PHG-HPQM-C3J4 Strapi mishandles hidden attributes within admin API responses

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 · AI score 8.7 · EPSS 0.00665
Exploits: 2 · References: 7

Github Security Blog
added 2022/09/28 12:0 a.m. · 31 views

Strapi mishandles hidden attributes within admin API responses

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 · AI score 8.4 · EPSS 0.00665
Exploits: 2 · References: 7 · Affected Software: 2

OSV
added 2022/09/27 11:15 p.m. · 12 views

CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 · AI score 8.8 · EPSS 0.00665
Exploits: 2 · References: 3

Prion
added 2022/09/27 11:15 p.m. · 14 views

Design/Logic Flaw

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 6.5 · AI score 8.7 · EPSS 0.00665
Exploits: 2 · References: 3 · Affected Software: 1

CVE
added 2022/09/27 1:2 p.m. · 364 views

CVE-2022-31367

Strapi CMS (versions prior to 3.6.10 and 4.x prior to 4.1.10) is affected by a SQL injection vulnerability caused by incorrect handling of hidden attributes in admin API responses. This design/logic flaw allows an attacker to exfiltrate database data. Remediation: upgrade to Strapi 3.6.10 or 4.1....

CVSS 8.8 · AI score 8.6 · EPSS 0.00665
Exploits: 2 · References: 3 · Affected Software: 1

Cvelist
added 2022/09/27 1:2 p.m. · 11 views

CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

AI score 9 · EPSS 0.00665
Exploits: 2 · References: 3

Positive Technologies
added 2022/09/27 12:0 a.m. · 1 view

PT-2022-20719 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi versions 3.x through 3.6.9; Strapi versions 4.x through 4.1.9. Description: The issue concerns the mishandling of hidden attributes within admin API responses. Recommendations: For Strapi versions 3.x through 3.6.9, update to version...

CVSS 8.8 · AI score 8.6 · EPSS 0.00665
Exploits: 2 · References: 11

Positive Technologies
added 2022/09/09 12:0 a.m. · 2 views

PT-2022-23199

Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.15.1. Description: The issue is related to Improper Authorization functions, which allow non-privileged users to run privileged API calls. If users without admin privileges are added to the Netmaker platform, they ca...

CVSS 8.8 · AI score 7.2 · EPSS 0.00298
Exploits: 0 · References: 11

Vulnrichment
added 2022/08/01 12:0 a.m. · 8 views

CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

CVSS 7.4 · AI score 7.6 · EPSS 0.13567
Exploits: 4 · References: 4

Cvelist
added 2022/08/01 12:0 a.m. · 18 views

CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

CVSS 7.4 · AI score 7.5 · EPSS 0.13567
Exploits: 4 · References: 4

OSSF Malicious Packages
added 2022/06/20 8:23 p.m. · 2 views

Malicious code in dklive-admin-api (npm)

Source: ghsa-malware f25b6aa3df8e64492212034b89f7b8436a8308890075a12f901ebdc6794d2c75. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

OSV
added 2022/06/20 8:23 p.m. · 4 views

MAL-2022-2535 Malicious code in dklive-admin-api (npm)

Source: ghsa-malware f25b6aa3df8e64492212034b89f7b8436a8308890075a12f901ebdc6794d2c75. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

OSV
added 2022/04/29 4:15 a.m. · 9 views

CVE-2022-29906

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66 omits a check for the quizadmin user...

CVSS 9.8 · AI score 6.9
Exploits: 0 · References: 2

Prion
added 2022/04/29 4:15 a.m. · 17 views

Design/Logic Flaw

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66 omits a check for the quizadmin user...

CVSS 7.5 · AI score 9.3 · EPSS 0.00391
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/04/22 9:4 p.m. · 21 views

GHSA-9WRV-G75H-8CCC Improper Access Control in Shopware

Shopware 6 is an open commerce platform based on Symfony Framework and Vue and supported by a worldwide community and more than 1.500 community extensions. Permissions set to sales channel context by admin-api are still usable within a normal user session. We recommend updating to the current...

CVSS 8.1 · AI score 8 · EPSS 0.00189
Exploits: 0 · References: 5

Veracode
added 2022/04/21 3:25 a.m. · 14 views

Privilege Escalation

shopware/platform and shopware/core are vulnerable to privilege escalation. Lack of secure handling allows the permissions set by admin-api for the sales channel context to remain usable within normal user sessions...

CVSS 8.1 · AI score 2.4 · EPSS 0.00189
Exploits: 0 · References: 3 · Affected Software: 2

Prion
added 2022/04/20 8:15 p.m. · 8 views

Design/Logic Flaw

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within a normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...

CVSS 5.5 · AI score 7.9 · EPSS 0.00189
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/04/20 7:15 p.m. · 15 views

CVE-2022-24872 Improper Access Control in shopware

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within a normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...

CVSS 8.1 · AI score 8 · EPSS 0.00189
Exploits: 0 · References: 5

Cvelist
added 2022/04/20 7:15 p.m. · 7 views

CVE-2022-24872 Improper Access Control in shopware

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within a normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...

CVSS 8.1 · AI score 8.2 · EPSS 0.00189
Exploits: 0 · References: 3

CNNVD
added 2022/04/20 12:0 a.m. · 2 views

Shopware Security Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware, which stems from the fact that the admin-api privilege settings for the sales channel are still available in a normal user session...

CVSS 8.1 · AI score 7.7 · EPSS 0.00189
Exploits: 0 · References: 4