@strapi/plugin-users-permissions
Protect your API with a full-authentication process based on JWT
Security Advisories for @strapi/plugin-users-permissions in npm
Low
about 2 months ago
Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
npm
@strapi/plugin-users-permissions, @strapi/admin
Moderate
about 2 months ago
Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying
npm
@strapi/plugin-users-permissions
Potential
Potential
Moderate
about 1 year ago
Strapi allows Server-Side Request Forgery in Webhook function
npm
@strapi/admin
High
about 2 years ago
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
npm
@strapi/plugin-users-permissions
Potential
Moderate
about 2 years ago
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
npm
@strapi/plugin-upload
High
over 2 years ago
Unauthorized Access to Private Fields in User Registration API
npm
@strapi/strapi, @strapi/plugin-users-permissions
High
almost 3 years ago
Strapi Improper Rate Limiting vulnerability
npm
@strapi/plugin-users-permissions, @strapi/admin
Critical
about 3 years ago
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
npm
@strapi/plugin-email, @strapi/plugin-users-permissions
Potential
High
about 3 years ago
Strapi leaking sensitive user information by filtering on private fields
npm
@strapi/strapi
Moderate
about 3 years ago
Strapi does not verify the access or ID tokens issued during the OAuth flow
npm
@strapi/plugin-users-permissions
High
about 3 years ago
Authentication Bypass in @strapi/plugin-users-permissions
npm
@strapi/plugin-users-permissions
Potential
Potential