Lucene search
Veracode Vulnerability DatabaseVERACODE:37315HistorySep 28, 2022 - 8:32 a.m.
Information Disclosure
2022-09-2808:32:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
strapi
vulnerability
information disclosure
admin api
0.002 Low
EPSS
Percentile
57.3%
strapi is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the attributes within admin API responses allowing an attacker to exploit the vulnerability use the information for malicious intent.
References
github.com/kos0ng/CVEs/tree/main/CVE-2022-31367
github.com/strapi/strapi/commit/1d50038e440482a7106d37353d8258436e9153bd
github.com/strapi/strapi/commit/55a6a2bc0b6f52ce5a10ffb174336ea5a30d78fe
github.com/strapi/strapi/pull/12881
github.com/strapi/strapi/releases/tag/v3.6.10
github.com/strapi/strapi/releases/tag/v4.1.10
Related
osv
osv
Strapi mishandles hidden attributes within admin API responses
2022-09-28 00:00:17
CVE-2022-31367
2022-09-27 23:15:13
cve
cve
CVE-2022-31367
2022-09-27 23:15:13
nvd
nvd
CVE-2022-31367
2022-09-27 23:15:13
prion
prion
Design/Logic Flaw
2022-09-27 23:15:00
cnvd
cnvd
Strapi SQL Injection Vulnerability
2022-09-29 00:00:00
cvelist
cvelist
CVE-2022-31367
2022-09-27 13:02:41
github
github
Strapi mishandles hidden attributes within admin API responses
2022-09-28 00:00:17