2 matches found
@koj/strapi (>=0.0.0 <=1.4.0) potentially affected by CVE-2020-27665 via strapi-plugin-content-type-builder (=3.1.6)
strapi-plugin-content-type-builder NPM version =3.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on strapi-plugin-content-type-builder and may be impacted: - @koj/strapi =0.0.0, =1.4.0 Source cves: CVE-2020-27665 Source advisory: OSV:GHSA-4P55-XJ37-F...
CVE-2020-27665
CVE-2020-27665 affects Strapi before 3.2.5, where the admin::hasPermissions restriction is not enforced for CTB (content-type-builder) routes. The root cause is missing authorization controls on CTB routes, enabling potential unauthorized access to resources via CTB endpoints. Public details in c...