Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset tokens, by crafting queries with the lookup parameter. This vulnerability is fixed in 5.5.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NStrapi
APPStrapi5.0.0 – 5.5.2 (bez)
Related vulnerabilities
SQL Injection w Strapi Content-Type Builder — możliwe RCE i odczyt plików
Strapi: Path Traversal w filtrach relacyjnych umożliwia przejęcie konta admina
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute ...
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functi...
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and ...