4 matches found
@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2022-0764 via strapi (>=2.0.2 <=3.6.8)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2022-0764 Source advisory: OSV:GHSA-XRJF-PHVV-R4VR...
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...
CVE-2022-0764 Arbitrary Command Injection in strapi/strapi
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...
CVE-2022-0764
Strapi (strapi/strapi) is affected by CVE-2022-0764: an OS command injection vulnerability in versions prior to 4.1.0 due to improper sanitization of user input when creating an app via the template CLI argument. Impact is arbitrary command execution with local access. Mitigation: update to 4.1.0...