CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
References
Link Resource
https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367 Exploit Third Party Advisory
https://github.com/strapi/strapi/releases/tag/v3.6.10 Release Notes Third Party Advisory
https://github.com/strapi/strapi/releases/tag/v4.1.10 Release Notes Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*
cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-27 23:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-31367

Mitre link : CVE-2022-31367

CVE.ORG link : CVE-2022-31367


JSON object : View

Products Affected

strapi

  • strapi
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')