Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2022/05/04 12:0 a.m.4 views

@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2021-46440 via strapi (>=2.0.2 <=3.6.8)

strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2021-46440 Source advisory: OSV:GHSA-85VG-GRR5-PW42...

7.5CVSS7.1AI score0.02786EPSS
Exploits3
CVE
CVE
added 2022/05/03 5:3 p.m.1351 views

CVE-2021-46440

The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...

7.5CVSS7.3AI score0.02786EPSS
Exploits3References4Affected Software1
0day.today
0day.today
added 2022/05/03 12:0 a.m.239 views

Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities

Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...

7.5CVSS0.1AI score0.02786EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/05/02 12:0 a.m.525 views

Strapi 3.6.8 Password Disclosure / Insecure Handling

Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...

7.6AI score0.02786EPSS
Exploits3
Rows per page
Query Builder