VYPR
High severityNVD Advisory· Published May 3, 2022· Updated Aug 4, 2024

CVE-2021-46440

CVE-2021-46440

Description

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
strapinpm
< 3.6.93.6.9
@strapi/strapinpm
>= 4.0.0, < 4.1.54.1.5

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.