5 matches found
@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.3) +12 more potentially affected by CVE-2022-31367 via strapi (>=2.0.2 <=3.6.1)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.1.3, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2022-31367 Source advisory: OSV:GHSA-4PHG-HPQM-C3J4...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +48 more potentially affected by CVE-2022-31367 via @strapi/strapi (>=4.0.2 <=4.19.1)
@strapi/strapi NPM version =4.0.2, =4.12.2, =1.0.9, =1.0.0-alpha.2, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.0.8, =1.0.81 and more Source cves: CVE-2022-31367 Source advisory: OSV:GHSA-4PHG-HPQM-C3J4...
CVE-2022-31367
Strapi CMS (versions prior to 3.6.10 and 4.x prior to 4.1.10) is affected by a SQL injection vulnerability caused by incorrect handling of hidden attributes in admin API responses. This design/logic flaw allows an attacker to exfiltrate database data. Remediation: upgrade to Strapi 3.6.10 or 4.1....
CVE-2022-31367
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...
CVE-2022-31367
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...