Description
Improper Input Validation in strapi
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitization. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
Packages
Name: strapi (npm)
Affected versions: < 3.0.2
Fixed version: 3.0.2
Related vulnerabilities
CVSS3: 6.5
Source: NVD
more than 5 years ago