Description

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

Remediation

References

http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html

http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html

https://bittherapy.net/post/strapi-framework-remote-code-execution/

https://github.com/strapi/strapi/pull/4636

Related Vulnerabilities

CVE-2023-4043 Vulnerability in maven package org.eclipse.parsson:project

CVE-2010-4172 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-44487 Vulnerability in maven package org.eclipse.jetty.http2:http2-common

CVE-2017-16018 Vulnerability in npm package restify

CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.layui:layui

Severity

High

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory VDB Entry Patch