Lucene search
+L

139 matches found

Veracode
Veracode
added 2024/06/13 7:17 a.m.14 views

Denial-of-Service (DoS)

@strapi/plugin-upload is vulnerable to Denial-of-Service DoS. The vulnerability is due to the server crashing without restarting when handling errors, causing it to become unavailable for all clients until manually restarted...

6.5CVSS6.7AI score0.00736EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2024/06/12 7:39 p.m.8 views

@chargeover/strapi (=0.0.1-rc1.1), @cowprotocol/cms (=0.1.0-rc.5) +14 more potentially affected by CVE-2024-34065 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.1.9)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =0.0.1, =0.1.0, =0.1.10 - strapi-voting =0.2.1 - strapigo =0.1.0 - sveltekit-strapi =0.1.0 and more Source cves: CVE-2024-34065 Source advisory: OSV:GHSA-WRVH-RCMR-9QFC...

8.1CVSS7.2AI score0.0071EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/06/12 7:38 p.m.6 views

@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +61 more potentially affected by CVE-2024-31217 via @strapi/plugin-upload (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.21.1)

@strapi/plugin-upload NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =9.0.2 and more Source cves: CVE-2024-31217 Source advisory: OSV:GHSA-PM9Q-XJ9P-96PM...

6.5CVSS6.5AI score0.00736EPSS
Exploits1
CVE
CVE
added 2024/06/12 2:50 p.m.57 views

CVE-2024-31217

CVE-2024-31217 is a DoS in Strapi’s media upload via @strapi/plugin-upload prior to version 4.22.0. The vulnerability can crash the server during file uploads without restart, affecting both development and production environments. The issue arises when errors are mishandled, causing the server t...

6.5CVSS5.4AI score0.00736EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.7 views

PT-2024-25676 · Strapi · @Strapi/Plugin-Users-Permissions

Name of the Vulnerable Software and Affected Versions: @strapi/plugin-users-permissions versions prior to 4.24.2 Description: The issue arises from combining two vulnerabilities in @strapi/plugin-users-permissions: an Open Redirect and a session token sent as a URL query parameter. This allows an...

8.1CVSS7.3AI score0.0071EPSS
Exploits1References9
Veracode
Veracode
added 2023/11/21 5:45 a.m.19 views

Improper Authorization

strapi-plugin-protected-populate is vulnerable to Improper Authorization. The vulnerability is due to the protectPopulate function of protect-route.js, which allows a users to populate fields they don't have access, resulting in field-level security bypass...

5.3CVSS7AI score0.00601EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2023/11/03 7:1 p.m.4 views

@mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.2 <=1.0.0-alpha.3), sneakmax (=0.1.0) +3 more potentially affected by CVE-2023-39345 via @strapi/plugin-users-permissions (>=4.0.2 <=4.11.2)

@strapi/plugin-users-permissions NPM version =4.0.2, =1.0.0-alpha.2, =1.0.0-alpha.3 - sneakmax =0.1.0 - sneakmaxtesttemplate =0.1.0 - sneakmaxtesttemplatev2 =0.1.0 - sveltekit-strapi =0.1.0 Source cves: CVE-2023-39345 Source advisory: OSV:GHSA-GC7P-J5XM-XXH2...

7.6CVSS7.1AI score0.00496EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/09/13 4:32 p.m.6 views

@mattie-bundle/mattie-strapi-bundle-example (>=1.0.0-alpha.0 <=1.0.0-alpha.3), sneakmax (=0.1.0) +3 more potentially affected by CVE-2023-38507 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.11.2)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =1.0.0-alpha.3 - sneakmax =0.1.0 - sneakmaxtesttemplate =0.1.0 - sneakmaxtesttemplatev2 =0.1.0 - sveltekit-strapi =0.1.0 Source cves: CVE-2023-38507 Source advisory: OSV:GHSA-24Q2-59HM-RH9R...

9.8CVSS7.2AI score0.00761EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/04/19 9:41 p.m.7 views

@antgineering-studio/strapi (=4.5.5), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +126 more potentially affected by CVE-2023-22621 via @strapi/plugin-email (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.5.5)

@strapi/plugin-email NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =4.2.0, =4.2.2, =0.0.1, =1.0.1, =0.1.1, =1.0.9, =0.0.1, =0.0.5 and more Source cves: CVE-2023-22621 Source advisory: OSV:GHSA-2H87-4Q2W-V4HF...

10CVSS7AI score0.76825EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2023/04/19 6:33 p.m.6 views

@chargeover/strapi (=0.0.1-rc1.1), @cowprotocol/cms (=0.1.0-rc.5) +27 more potentially affected by CVE-2023-22893 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.5.1)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =2.1.0, =1.0.0, =0.1.1, =0.0.1, =0.1.0, =1.0.10, =4.3.15 - robsen-strapi-site =0.1.0 - sneakmax =0.1.0 and more Source cves: CVE-2023-22893 Source advisory: OSV:GHSA-583X-23H9-F5W7...

8.2CVSS7.1AI score0.04158EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/04/18 10:28 p.m.7 views

@chargeover/strapi (=0.0.1-rc1.1), @cowprotocol/cms (=0.1.0-rc.5) +27 more potentially affected by unknown CVE via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.5.1)

@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =2.1.0, =1.0.0, =0.1.1, =0.0.1, =0.1.0, =1.0.10, =4.3.15 - robsen-strapi-site =0.1.0 - sneakmax =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XV3Q-JRMM-4FXV...

5.8AI score
Exploits0
Veracode
Veracode
added 2022/08/31 2:58 a.m.12 views

Authentication Bypass

strapi-plugin-ezforms is vulnerable to authentication bypass. The vulnerability exists due to improper capture validation which allows a malicious user to login into the system using unauthorized capture...

3.8AI score
Exploits0
OSV
OSV
added 2022/08/30 8:54 p.m.13 views

GHSA-8MGQ-6R2Q-82W9 Captcha Bypass in strapi-plugin-ezforms

Impact Users using any captcha providers Patches 0.1.0 References Issue...

7.2AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/08/30 8:54 p.m.20 views

Captcha Bypass in strapi-plugin-ezforms

Impact Users using any captcha providers Patches 0.1.0 References Issue...

3.6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/03 6:15 p.m.20 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.5CVSS7.5AI score
Exploits0References4
Cvelist
Cvelist
added 2022/05/03 5:3 p.m.43 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.6AI score0.02786EPSS
Exploits3References4
Veracode
Veracode
added 2020/11/02 6:7 a.m.14 views

Insecure Authorization

strapi-plugin-content-type-builder suffers from insecure authorization. The admin::hasPermissions restriction for the content-type-builder CTB routes are not configured, allowing unauthorized access to the affected resources...

7.5CVSS4.8AI score0.01209EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2020/10/29 7:40 p.m.8 views

@koj/strapi (>=0.0.0 <=1.4.0), strapi-editorjs (=0.0.1) +1 more potentially affected by CVE-2020-27666 via strapi-plugin-content-manager (>=3.0.0-beta.18.7 <=3.1.6)

strapi-plugin-content-manager NPM version =3.0.0-beta.18.7, =0.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 Source cves: CVE-2020-27666 Source advisory: OSV:GHSA-QVP5-MM7V-4F36...

5.4CVSS6AI score0.00596EPSS
Exploits0
Veracode
Veracode
added 2020/10/23 8:33 a.m.22 views

Unsecured Proxy

strapi-plugin-upload contains an unsecured proxy. An unauthenticated user is able to access the proxy without any authorization, allowing for access to other protected resources...

9.8CVSS4.2AI score0.02292EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder