VYPR

npm package

@strapi/plugin-content-manager

pkg:npm/%40strapi/plugin-content-manager

Vulnerabilities (3)

  • CVE-2024-29181Jun 12, 2024
    affected < 4.19.1fixed 4.19.1

    Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they

  • CVE-2023-37263Sep 15, 2023
    affected < 4.12.1fixed 4.12.1

    Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will s

  • CVE-2023-36472Sep 15, 2023
    affected < 4.11.7fixed 4.11.7

    Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure th