9 matches found
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
Duplicate Advisory: OS Command Injection in Strapi
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...
GHSA-49VV-6Q7Q-W5CF Duplicate Advisory: OS Command Injection in Strapi
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...
Node.js third-party modules: Denial Of Service in Strapi Framework using argument injection
I would like to report Denial Of Service in Strapi Framework.It allows attacker to force restart the server using argument injection. Module module name: strapi version: 3.0.0-beta.18.3 and earlier npm page: https://www.npmjs.com/package/strapi Module Description The Strapi HTTP layer sits on top...
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
Remote code execution
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
Strapi Admin Panel Install and Uninstall Plugin Component Remote Code Execution Vulnerability
Strapi is an open source headless content management system CMS. install and Uninstall Plugin is one of the install and uninstall plugin . A remote code execution vulnerability exists in the Install and Uninstall Plugin component of the Admin panel in Strapi, which stems from the program's failur...