WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-39345 Vulnerability in npm package @strapi/strapi

Description

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Remediation

References

https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2

Related Vulnerabilities

CVE-2021-3137 Vulnerability in maven package org.xwiki.commons:xwiki-commons

CVE-2022-25898 Vulnerability in maven package org.webjars.npm:jsrsasign

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bc-fips-debug

CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-keycloak-authorization

CVE-2020-6464 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Exploit Vendor Advisory