strapi@3.6.10 vulnerabilities
An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MongoDB, MySQL, MariaDB, PostgreSQL, SQLite
- latest version: 3.6.11
- first published: 11 years ago
- latest version published: a year ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the strapi package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
strapi is an HTTP layer that sits on top of Koa. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the file upload module, which allows attackers with How to fix Cross-site Scripting (XSS)? There is no fixed version for | * |
strapi is an HTTP layer that sits on top of Koa. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization of user-supplied data in the file Note: Users of How to fix Cross-site Scripting (XSS)? There is no fixed version for | * |
strapi is an HTTP layer that sits on top of Koa. Affected versions of this package are vulnerable to Improper Authentication. If an attacker is able to access a valid admin session, they can then change the account's password without being required to input the current password. How to fix Improper Authentication? A fix was pushed into the | * |