GHSA-mcqm-6ff4-53qx

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-mcqm-6ff4-53qx/GHSA-mcqm-6ff4-53qx.json

Aliases

CVE-2022-29894

Published

2022-06-14T00:00:38Z

Modified

2022-06-24T00:53:31Z

Details

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-29894
https://github.com/strapi/strapi
https://jvn.jp/en/jp/JVN44550983/index.html
https://strapi.io/

Affected packages

npm / strapi

strapi

Affected ranges

Type: SEMVER
Events: Introduced

0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 3.6.10"
}