Vulnerabilities > Strapi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-20 | CVE-2023-48218 | Incorrect Authorization vulnerability in Strapi Protected Populate The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. | 5.3 |
| 2023-11-06 | CVE-2023-39345 | Improper Authentication vulnerability in Strapi strapi is an open-source headless CMS. | 7.5 |
| 2023-09-15 | CVE-2023-38507 | Allocation of Resources Without Limits or Throttling vulnerability in Strapi Strapi is the an open-source headless content management system. | 9.8 |
| 2023-09-15 | CVE-2023-36472 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 5.7 |
| 2023-09-15 | CVE-2023-37263 | Unspecified vulnerability in Strapi Strapi is the an open-source headless content management system. | 2.7 |
| 2023-07-25 | CVE-2023-34235 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.5 |
| 2023-07-25 | CVE-2023-34093 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.1 |
| 2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |
| 2023-04-19 | CVE-2023-22893 | Improper Authentication vulnerability in Strapi Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | 7.5 |
| 2023-04-19 | CVE-2023-22894 | Cleartext Storage of Sensitive Information vulnerability in Strapi Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. | 4.9 |