strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-11-06T18:26:20.324Z
Updated: 2023-11-06T18:26:20.324Z
Reserved: 2023-07-28T13:26:46.476Z
Link: CVE-2023-39345
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-06T19:15:09.027
Modified: 2023-11-14T19:36:04.247
Link: CVE-2023-39345
JSON object: View
Redhat Information
No data.
CWE