VYPR

npm package

@strapi/utils

pkg:npm/%40strapi/utils

Vulnerabilities (3)

  • CVE-2023-36472Sep 15, 2023
    affected < 4.11.7fixed 4.11.7

    Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure th

  • CVE-2023-34235Jul 25, 2023
    affected < 4.10.8fixed 4.10.8

    Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as i

  • CVE-2023-34093Jul 25, 2023
    affected < 4.10.8fixed 4.10.8

    Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the a