Moderate severityNVD Advisory· Published Jun 19, 2020· Updated Aug 4, 2024
CVE-2020-13961
CVE-2020-13961
Description
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
strapinpm | < 3.0.2 | 3.0.2 |
Affected products
2- Strapi/Strapidescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-65wv-528r-m892ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13961ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/183045ghsax_refsource_MISCWEB
- github.com/strapi/strapi/pull/6599ghsax_refsource_CONFIRMWEB
- github.com/strapi/strapi/releases/tag/v3.0.2ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.