npm package
@strapi/utils
pkg:npm/%40strapi/utils
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-36472 | — | < 4.11.7 | 4.11.7 | Sep 15, 2023 | Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure th | ||
| CVE-2023-34235 | — | < 4.10.8 | 4.10.8 | Jul 25, 2023 | Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as i | ||
| CVE-2023-34093 | — | < 4.10.8 | 4.10.8 | Jul 25, 2023 | Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the a |
- CVE-2023-36472Sep 15, 2023affected < 4.11.7fixed 4.11.7
Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure th
- CVE-2023-34235Jul 25, 2023affected < 4.10.8fixed 4.10.8
Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as i
- CVE-2023-34093Jul 25, 2023affected < 4.10.8fixed 4.10.8
Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the a