Description
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
Remediation
References
https://github.com/strapi/strapi/releases/tag/v4.1.10
https://github.com/strapi/strapi/releases/tag/v3.6.10
https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367
Related Vulnerabilities
CVE-2021-40822 Vulnerability in maven package org.geoserver:gs-main
CVE-2021-43849 Vulnerability in npm package cordova-plugin-fingerprint-aio
CVE-2020-28458 Vulnerability in npm package datatables.net
CVE-2022-35915 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2019-16335 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind