CVE-2022-31367

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31367

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31367.json

Aliases

GHSA-4phg-hpqm-c3j4

Published

2022-09-27T23:15:13Z

Modified

2023-11-29T09:47:01.315419Z

Details

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.

References

Affected packages

Git / github.com/strapi/strapi

Affected ranges

Type: GIT
Repo: https://github.com/strapi/strapi
Events: Introduced

b181702f0202b2c6d645d42b195a831f25cd0b03

Fixed

06abcda86ab96fc560b3ff5e3d72c4d5c1c5d42c

Affected versions

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.2.0-alpha.0