WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-39345 Vulnerability in npm package @strapi/strapi

Description

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Remediation

References

https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2

Related Vulnerabilities

CVE-2017-16174 Vulnerability in npm package whispercast

CVE-2020-7713 Vulnerability in npm package arr-flatten-unflatten

CVE-2021-23624 Vulnerability in npm package dotty

CVE-2020-7758 Vulnerability in npm package browserless-chrome

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Exploit Vendor Advisory NVD-CWE-noinfo