4 matches found
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +49 more potentially affected by CVE-2022-32114 via @strapi/strapi (>=0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b <=4.1.12)
@strapi/strapi NPM version =0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.0.8, =1.0.81 and more Source cves: CVE-2022-32114 Source advisory: OSV:GHSA-4VM8-J95F-J6V5...
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...