CVE-2022-27263 – strapi
Package
Manager: npm
Name: strapi
Vulnerable Version: >=0 <=4.1.5
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.0218 (percentile 0.83718)
Details
Unrestricted Upload of File with Dangerous Type in Strapi
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.
Metadata
Created: 2022-04-13T00:00:25Z
Modified: 2022-04-22T21:03:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-9qgm-w87q-hx89/GHSA-9qgm-w87q-hx89.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-9qgm-w87q-hx89
Finding: F027
Auto approve: 1