4 matches found
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +50 more potentially affected by CVE-2024-29181 via @strapi/plugin-content-manager (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.19.0)
@strapi/plugin-content-manager NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.1.0 - @purnamasari/strapi-plugin-firebase-auth =1.0.11 and more Source cves: CVE-2024-29181 Source advisory:...
CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...
CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...
CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...