Vulnerability	Vulnerable Version
C Improper Neutralization of Special Elements Used in a Template Engine @strapi/plugin-email is a headless CMS Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine. Remote attackers can inject a payload into an email template, which can execute code on the server, bypassing validation checks that should prevent code execution. The maintainers report that "This vulnerability’s scope was originally believed to be exploitable only if a malicious actor had access to the Strapi Admin Panel." How to fix Improper Neutralization of Special Elements Used in a Template Engine? Upgrade `@strapi/plugin-email` to version 4.5.6 or higher.	>=4.0.0-next.0 <4.5.6

Improper Neutralization of Special Elements Used in a Template Engine

@strapi/plugin-email is a headless CMS

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine. Remote attackers can inject a payload into an email template, which can execute code on the server, bypassing validation checks that should prevent code execution.

The maintainers report that "This vulnerability’s scope was originally believed to be exploitable only if a malicious actor had access to the Strapi Admin Panel."

How to fix Improper Neutralization of Special Elements Used in a Template Engine?

Upgrade @strapi/plugin-email to version 4.5.6 or higher.

>=4.0.0-next.0 <4.5.6

Go back to all versions of this package