5 matches found
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...
Authorization Bypass
Overview admin/src/containers/InputModalStepperProvider/index.js in strapi before 3.2.5 has unwanted /proxy?url= functionality. Recommendation Upgrade to version 3.2.5 or later References - CVE - GitHub Advisory...
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...
CVE-2020-27664
Strapi prior to 3.2.5 contains a vulnerability in admin/src/containers/InputModalStepperProvider/index.js enabling an unwanted proxy/ URL parameter handling ("/proxy?url=") that could be abused. Public sources (NVD entry CVE-2020-27664, Red Hat advisory, GitHub/OSSV and GHSA) document this as an ...
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality...