Vulnerabilities > Strapi > Strapi > 3.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-38507 | Allocation of Resources Without Limits or Throttling vulnerability in Strapi Strapi is the an open-source headless content management system. | 9.8 |
| 2023-09-15 | CVE-2023-36472 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 5.7 |
| 2023-09-15 | CVE-2023-37263 | Unspecified vulnerability in Strapi Strapi is the an open-source headless content management system. | 2.7 |
| 2023-07-25 | CVE-2023-34235 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.5 |
| 2023-07-25 | CVE-2023-34093 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.1 |
| 2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |
| 2023-04-19 | CVE-2023-22893 | Improper Authentication vulnerability in Strapi Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | 7.5 |
| 2022-09-27 | CVE-2022-31367 | SQL Injection vulnerability in Strapi Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | 8.8 |
| 2022-06-13 | CVE-2022-29894 | Cross-site Scripting vulnerability in Strapi Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. | 3.5 |
| 2022-05-19 | CVE-2022-30617 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Strapi An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. | 9.0 |