4 matches found
@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2021-46440 via strapi (>=2.0.2 <=3.6.8)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2021-46440 Source advisory: OSV:GHSA-85VG-GRR5-PW42...
CVE-2021-46440
The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...