First published: Thu Dec 05 2019
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Strapi Strapi | <=1.6.4 | |
Strapi Strapi | =3.0.0-alpha10.1 | |
Strapi Strapi | =3.0.0-alpha10.2 | |
Strapi Strapi | =3.0.0-alpha10.3 | |
Strapi Strapi | =3.0.0-alpha11 | |
Strapi Strapi | =3.0.0-alpha11.1 | |
Strapi Strapi | =3.0.0-alpha11.2 | |
Strapi Strapi | =3.0.0-alpha11.3 | |
Strapi Strapi | =3.0.0-alpha12 | |
Strapi Strapi | =3.0.0-alpha12.1 | |
Strapi Strapi | =3.0.0-alpha12.1.3 | |
Strapi Strapi | =3.0.0-alpha12.2 | |
Strapi Strapi | =3.0.0-alpha12.3 | |
Strapi Strapi | =3.0.0-alpha12.4 | |
Strapi Strapi | =3.0.0-alpha12.5 | |
Strapi Strapi | =3.0.0-alpha12.6 | |
Strapi Strapi | =3.0.0-alpha12.7 | |
Strapi Strapi | =3.0.0-alpha12.7.1 | |
Strapi Strapi | =3.0.0-alpha13 | |
Strapi Strapi | =3.0.0-alpha13.0.1 | |
Strapi Strapi | =3.0.0-alpha13.1 | |
Strapi Strapi | =3.0.0-alpha14 | |
Strapi Strapi | =3.0.0-alpha14.1 | |
Strapi Strapi | =3.0.0-alpha14.1.1 | |
Strapi Strapi | =3.0.0-alpha14.2 | |
Strapi Strapi | =3.0.0-alpha14.3 | |
Strapi Strapi | =3.0.0-alpha14.4.0 | |
Strapi Strapi | =3.0.0-alpha14.5 | |
Strapi Strapi | =3.0.0-alpha15 | |
Strapi Strapi | =3.0.0-alpha16 | |
Strapi Strapi | =3.0.0-alpha17 | |
Strapi Strapi | =3.0.0-alpha18 | |
Strapi Strapi | =3.0.0-alpha19 | |
Strapi Strapi | =3.0.0-alpha20 | |
Strapi Strapi | =3.0.0-alpha21 | |
Strapi Strapi | =3.0.0-alpha22 | |
Strapi Strapi | =3.0.0-alpha23 | |
Strapi Strapi | =3.0.0-alpha23.1 | |
Strapi Strapi | =3.0.0-alpha24 | |
Strapi Strapi | =3.0.0-alpha24.1 | |
Strapi Strapi | =3.0.0-alpha25 | |
Strapi Strapi | =3.0.0-alpha25.1 | |
Strapi Strapi | =3.0.0-alpha25.2 | |
Strapi Strapi | =3.0.0-alpha26 | |
Strapi Strapi | =3.0.0-alpha26.1 | |
Strapi Strapi | =3.0.0-alpha26.2 | |
Strapi Strapi | =3.0.0-alpha4 | |
Strapi Strapi | =3.0.0-alpha4.8 | |
Strapi Strapi | =3.0.0-alpha5.3 | |
Strapi Strapi | =3.0.0-alpha5.5 | |
Strapi Strapi | =3.0.0-alpha6.3 | |
Strapi Strapi | =3.0.0-alpha6.4 | |
Strapi Strapi | =3.0.0-alpha6.7 | |
Strapi Strapi | =3.0.0-alpha7.2 | |
Strapi Strapi | =3.0.0-alpha7.3 | |
Strapi Strapi | =3.0.0-alpha8 | |
Strapi Strapi | =3.0.0-alpha8.3 | |
Strapi Strapi | =3.0.0-alpha9 | |
Strapi Strapi | =3.0.0-alpha9.1 | |
Strapi Strapi | =3.0.0-alpha9.2 | |
Strapi Strapi | =3.0.0-beta0 | |
Strapi Strapi | =3.0.0-beta1 | |
Strapi Strapi | =3.0.0-beta10 | |
Strapi Strapi | =3.0.0-beta11 | |
Strapi Strapi | =3.0.0-beta12 | |
Strapi Strapi | =3.0.0-beta13 | |
Strapi Strapi | =3.0.0-beta14 | |
Strapi Strapi | =3.0.0-beta15 | |
Strapi Strapi | =3.0.0-beta16 | |
Strapi Strapi | =3.0.0-beta16.1 | |
Strapi Strapi | =3.0.0-beta16.2 | |
Strapi Strapi | =3.0.0-beta16.3 | |
Strapi Strapi | =3.0.0-beta16.4 | |
Strapi Strapi | =3.0.0-beta16.5 | |
Strapi Strapi | =3.0.0-beta16.6 | |
Strapi Strapi | =3.0.0-beta16.7 | |
Strapi Strapi | =3.0.0-beta16.8 | |
Strapi Strapi | =3.0.0-beta17 | |
Strapi Strapi | =3.0.0-beta17.1 | |
Strapi Strapi | =3.0.0-beta17.2 | |
Strapi Strapi | =3.0.0-beta17.3 | |
Strapi Strapi | =3.0.0-beta17.4 | |
Strapi Strapi | =3.0.0-beta17.5 | |
Strapi Strapi | =3.0.0-beta17.6 | |
Strapi Strapi | =3.0.0-beta17.7 | |
Strapi Strapi | =3.0.0-beta2 | |
Strapi Strapi | =3.0.0-beta3 | |
Strapi Strapi | =3.0.0-beta4 | |
Strapi Strapi | =3.0.0-beta5 | |
Strapi Strapi | =3.0.0-beta6 | |
Strapi Strapi | =3.0.0-beta7 | |
Strapi Strapi | =3.0.0-beta8 | |
Strapi Strapi | =3.0.0-beta9 | |