VYPR
High severityNVD Advisory· Published Dec 5, 2019· Updated Aug 5, 2024

CVE-2019-19609

CVE-2019-19609

Description

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
strapinpm
< 3.0.0-beta.17.83.0.0-beta.17.8

Affected products

2
  • Strapi/Strapi frameworkdescription
  • ghsa-coords
    Range: < 3.0.0-beta.17.8

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.