Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy

Critical EPSS: 0.01344% (0.78888 Percentile) EPSS:
Permalink JSON

Authorization bypass in Strapi

Affected Packages Affected Versions Fixed Versions
npm:strapi < 3.2.5 3.2.5
25 Dependent packages
4,153 Dependent repositories
36,224 Downloads last month

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 2.0.1, 2.0.2, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4

All unaffected versions

3.2.5, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11

admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.

References:

Identifiers

GHSA-7frv-9phw-vrvr

CVE-2020-27664

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.01344

EPSS Percentile: 0.78888

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/strapi/strapi

Date and time

Published

about 4 years ago

Updated

almost 2 years ago

API

JSON