High severityNVD Advisory· Published Sep 27, 2022· Updated May 22, 2025
CVE-2022-31367
CVE-2022-31367
Description
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
strapinpm | < 3.6.10 | 3.6.10 |
@strapi/strapinpm | >= 4.0.0-next.0, < 4.1.10 | 4.1.10 |
Affected products
3- ghsa-coords2 versions
>= 4.0.0-next.0, < 4.1.10+ 1 more
- (no CPE)range: >= 4.0.0-next.0, < 4.1.10
- (no CPE)range: < 3.6.10
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-4phg-hpqm-c3j4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31367ghsaADVISORY
- github.com/kos0ng/CVEs/tree/main/CVE-2022-31367ghsax_refsource_MISCWEB
- github.com/strapi/strapi/pull/13185ghsaWEB
- github.com/strapi/strapi/pull/13189ghsaWEB
- github.com/strapi/strapi/releases/tag/v3.6.10ghsax_refsource_MISCWEB
- github.com/strapi/strapi/releases/tag/v4.1.10ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.