Vulnerabilities > Strapi > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-34065 | Authentication Bypass by Capture-replay vulnerability in Strapi Strapi is an open-source content management system. | 8.1 |
| 2023-11-06 | CVE-2023-39345 | Improper Authentication vulnerability in Strapi strapi is an open-source headless CMS. | 7.5 |
| 2023-07-25 | CVE-2023-34235 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.5 |
| 2023-07-25 | CVE-2023-34093 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.1 |
| 2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |
| 2023-04-19 | CVE-2023-22893 | Improper Authentication vulnerability in Strapi Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | 7.5 |
| 2022-09-27 | CVE-2022-31367 | SQL Injection vulnerability in Strapi Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | 8.8 |
| 2022-07-13 | CVE-2022-32114 | Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.12 An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. | 8.8 |
| 2022-04-12 | CVE-2022-27263 | Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.5 An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | 7.5 |
| 2020-10-22 | CVE-2020-27664 | Unspecified vulnerability in Strapi admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | 7.5 |