Vulnerabilities > Strapi > Strapi > 3.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-38507 | Allocation of Resources Without Limits or Throttling vulnerability in Strapi Strapi is the an open-source headless content management system. | 9.8 |
| 2023-09-15 | CVE-2023-36472 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 5.7 |
| 2023-09-15 | CVE-2023-37263 | Unspecified vulnerability in Strapi Strapi is the an open-source headless content management system. | 2.7 |
| 2023-07-25 | CVE-2023-34235 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.5 |
| 2023-07-25 | CVE-2023-34093 | Information Exposure vulnerability in Strapi Strapi is an open-source headless content management system. | 7.1 |
| 2023-04-19 | CVE-2023-22621 | Injection vulnerability in Strapi Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. | 7.2 |
| 2023-04-19 | CVE-2023-22893 | Improper Authentication vulnerability in Strapi Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. | 7.5 |
| 2023-04-19 | CVE-2023-22894 | Cleartext Storage of Sensitive Information vulnerability in Strapi Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. | 4.9 |
| 2022-09-27 | CVE-2022-31367 | SQL Injection vulnerability in Strapi Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | 8.8 |
| 2022-02-26 | CVE-2022-0764 | Unspecified vulnerability in Strapi Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | 6.7 |