Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
strapi / strapi 4.0.0 4.1.10
strapi / strapi - 3.6.10
Node.js icon strapi - 3.6.10
Node.js icon @strapi / strapi 4.0.0-next.0 4.1.10