CVE-2022-31367

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-31367

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31367.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31367

Aliases

GHSA-4phg-hpqm-c3j4

Published

2022-09-27T23:15:13.617Z

Modified

2026-04-10T04:47:52.733135Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.

References

Affected packages

Git / github.com/strapi/strapi

Affected ranges

Type

GIT

Repo

https://github.com/strapi/strapi

Events

Introduced

Fixed

86f882bc154e16321fbc83d0086e0d956bb5e82a

Introduced

b181702f0202b2c6d645d42b195a831f25cd0b03

Fixed

06abcda86ab96fc560b3ff5e3d72c4d5c1c5d42c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.6.10"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.1.10"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.5

v1.0.6

v1.1.0

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v3.*

v3.0.0-alpha.12.7

v3.0.0-alpha.12.7.1

v3.0.0-alpha.13

v3.0.0-alpha.23.1

v3.0.0-alpha.4

v3.0.0-alpha.4.8

v3.0.0-alpha.6.4

v3.0.0-alpha.6.7

v3.0.0-alpha.7.3

v3.0.0-alpha.9

v3.0.0-beta.0

v3.0.0-beta.1

v3.0.0-beta.10

v3.0.0-beta.11

v3.0.0-beta.12

v3.0.0-beta.13

v3.0.0-beta.14

v3.0.0-beta.15

v3.0.0-beta.16

v3.0.0-beta.16.1

v3.0.0-beta.16.2

v3.0.0-beta.16.3

v3.0.0-beta.16.4

v3.0.0-beta.16.5

v3.0.0-beta.16.6

v3.0.0-beta.16.7

v3.0.0-beta.16.8

v3.0.0-beta.17

v3.0.0-beta.17.1

v3.0.0-beta.17.2

v3.0.0-beta.17.4

v3.0.0-beta.17.5

v3.0.0-beta.17.6

v3.0.0-beta.17.7

v3.0.0-beta.17.8

v3.0.0-beta.18

v3.0.0-beta.18.1

v3.0.0-beta.18.2

v3.0.0-beta.18.3

v3.0.0-beta.18.4

v3.0.0-beta.18.5

v3.0.0-beta.18.6

v3.0.0-beta.18.7

v3.0.0-beta.18.8

v3.0.0-beta.19

v3.0.0-beta.19.1

v3.0.0-beta.19.2

v3.0.0-beta.19.3

v3.0.0-beta.19.4

v3.0.0-beta.2

v3.0.0-beta.20

v3.0.0-beta.3

v3.0.0-beta.4

v3.0.0-beta.5

v3.0.0-beta.6

v3.0.0-beta.7

v3.0.0-beta.8

v3.0.0-beta.9

v3.1.0

v3.1.3

v3.1.4

v3.2.1

v3.2.2

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

v3.6.7

v3.6.8

v3.6.9

v4.*

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.1.0

v4.1.1

v4.1.3

v4.1.8

v4.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31367.json"