2 matches found
CVE-2020-8123
CVE-2020-8123 affects Strapi up to v3.0.0-beta.18.3 and earlier. The vulnerability arises in the admin console where installPlugin/uninstallPlugin paths pass user input to execa after a regex check, allowing argument injection via inputs like -h, --help, -v, or --version. This can cause the serve...
CVE-2020-8123
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application...