CVE-2022-31367: SQL Injection
First published: Tue Sep 27 2022(Updated: )
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Strapi Strapi | <3.6.10 | |
| Strapi Strapi | >=4.0.0<4.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-31367.
What is the severity of CVE-2022-31367?
The severity of CVE-2022-31367 is high, with a severity value of 8.8.
What software versions are affected by CVE-2022-31367?
CVE-2022-31367 affects Strapi versions before 3.6.10 and 4.x before 4.1.10.
How does CVE-2022-31367 mishandle hidden attributes within admin API responses?
CVE-2022-31367 mishandles hidden attributes within admin API responses in Strapi before 3.6.10 and 4.x before 4.1.10.
How can I fix CVE-2022-31367?
To fix CVE-2022-31367, you should upgrade your Strapi to version 3.6.10 or above for 3.x versions, or to version 4.1.10 or above for 4.x versions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/tags
- agent/event
- agent/source
- vendor/strapi
- canonical/strapi strapi
- version/strapi strapi/4.0.0