CVE-2019-19609
Vulnerability from cvelistv5
Published
2019-12-05 19:44
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bittherapy.net/post/strapi-framework-remote-code-execution/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/strapi/strapi/pull/4636 | Patch, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:11.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/strapi/strapi/pull/4636"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T16:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/strapi/strapi/pull/4636"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bittherapy.net/post/strapi-framework-remote-code-execution/",
"refsource": "MISC",
"url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"
},
{
"name": "https://github.com/strapi/strapi/pull/4636",
"refsource": "MISC",
"url": "https://github.com/strapi/strapi/pull/4636"
},
{
"name": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19609",
"datePublished": "2019-12-05T19:44:28",
"dateReserved": "2019-12-05T00:00:00",
"dateUpdated": "2024-08-05T02:25:11.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19609\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-05T20:15:10.200\",\"lastModified\":\"2021-09-14T12:03:35.023\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.\"},{\"lang\":\"es\",\"value\":\"El framework Strapi versiones anteriores a 3.0.0-beta.17.8, es vulnerable a una Ejecuci\u00f3n de C\u00f3digo Remota en los componentes del Plugin de Instalaci\u00f3n y Desinstalaci\u00f3n del panel de Administraci\u00f3n, ya que no sanea el nombre del plugin y los atacantes pueden inyectar comandos de shell arbitrarios para ser ejecutados mediante la funci\u00f3n execa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.4\",\"matchCriteriaId\":\"A97983D3-FFBA-485E-8496-6489A9074853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E72C7A0-197D-4324-BBB4-663223C52C7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"954FDA03-9914-42DC-9AF0-81CB69BD0442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4D7C63-F071-4572-BD81-65ABCA693A8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11:*:*:*:*:*:*\",\"matchCriteriaId\":\"003189F7-77BD-416F-A253-C808E7E38A11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1DDFD47-7C0A-447F-9A34-F7690B28A4B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EA2B22-E04D-48FB-8BD9-9CD66598346A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F39E9F5-8AEE-4E26-A084-1BF813A65FFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EC2516-DA0E-4710-AB98-11E1081764DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62C28A62-C16D-47D6-9D56-2B236287CBF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D000CAF1-B033-4CF6-B6B4-1A9C10239886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C424AFC4-3DBA-4F69-A030-6B143ADEAE13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B8C9E2B-58B7-4938-BF34-BB2E4322F53F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE6F7CA0-11AE-45F0-B1AA-034A32CC0C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3747021-429C-4D16-A740-A9C69FA06561\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E76C452-5545-4495-A671-4207A3DFE710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D493E54-F8BE-470D-B78C-EF2E48645BEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"11C6D99B-67E0-4828-A812-EA987D585C75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha13:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D0EA14-3E88-491D-9522-5F9F2F968329\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"38DF3333-7B40-41A1-8C1A-EE644867193C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC59C0A-60C1-4DC7-B127-D512271DA491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14:*:*:*:*:*:*\",\"matchCriteriaId\":\"17CA9542-43DC-4D7D-A159-D7D56639EE46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1826129C-FF15-4422-97CA-F383E6F86B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"95509917-C33A-43C1-9043-D9618884FDF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF2A7C5-F97C-447B-977D-243321CD807D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A4DF814-73F9-4D04-87BD-03839E7E5BD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0:*:*:*:*:*:*\",\"matchCriteriaId\":\"4198B34C-CFE0-46AD-A2D6-926F5A037759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"76B25EF2-EFB6-4626-AC51-209523A1342E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha15:*:*:*:*:*:*\",\"matchCriteriaId\":\"D15150B6-8B20-496A-BD97-F598E2C243AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha16:*:*:*:*:*:*\",\"matchCriteriaId\":\"39C8378E-BBFC-48D0-B69B-ED034BAA100C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha17:*:*:*:*:*:*\",\"matchCriteriaId\":\"006A3591-8908-4B9A-A3BA-C2136FC6B009\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha18:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E85C03D-DA48-4F2D-A995-0FC82B61327D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha19:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F314776-5157-488E-B7A8-B074BC31CC63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha20:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EF6FFD-318D-42C7-A5E0-FD2B9E561F68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B46002D9-0AD1-48F2-9CE0-6ECD2AE166DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha22:*:*:*:*:*:*\",\"matchCriteriaId\":\"5184E9EB-396B-412D-88F5-A852F8D74289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha23:*:*:*:*:*:*\",\"matchCriteriaId\":\"149771DC-DE72-43DB-9B5C-3717B7078FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A67962C-D35B-408A-BD74-0B4647B81A23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha24:*:*:*:*:*:*\",\"matchCriteriaId\":\"31083AE3-3D91-4F23-AE4C-2EB08FF4BAF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"651B10C1-918E-4F6C-970B-45FA9DDE83E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha25:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A37EAD-A610-450B-8DC2-A8208200E641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"836A2C35-38D8-4ED6-B87D-2003C2F3A445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4153D69D-D158-4AFF-9936-A944B0F7F8E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha26:*:*:*:*:*:*\",\"matchCriteriaId\":\"09EA2597-2BA4-4747-9B52-E4E713594A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"19C9D4D8-978A-431C-B39C-80AB7B22D7D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9423DAF3-6295-4B9D-9B99-CAA9EE698548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"021CE25F-44BD-403C-89EB-91127319B7B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8:*:*:*:*:*:*\",\"matchCriteriaId\":\"54039D06-9AE2-4B83-A7D4-80177A3A5F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"98503595-C247-499B-8654-424004FAA263\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE84452-19EC-41BE-9075-D48FA4BFD230\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E106C1-EF1B-4768-AB51-19FEA9597558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"61CE8F6A-7D01-45EE-8EB9-39AE0D2BDB09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"73C9DB4F-266C-4180-A1C1-8DA14854B52C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"07D25069-D60A-4E25-9817-575F555AE176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1377CFAD-6C86-4A7B-AEDC-26ACBE6C4AC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha8:*:*:*:*:*:*\",\"matchCriteriaId\":\"7066F2B2-B0B1-4922-972A-F0B8963FC594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD5E0CEF-E30E-4828-891B-056A7FC29951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha9:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA634AA2-114D-4D9D-8829-BD8ADA617F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0321315F-1AE4-4EB8-B701-094196E14689\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"77710B2A-4AA6-4F2A-80DB-BEF3C08AC628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta0:*:*:*:*:*:*\",\"matchCriteriaId\":\"43D725A4-1141-4A1E-910A-F458D5FBDF7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9267A380-DAAE-4867-A40D-8CA2B15249CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta10:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C52DD2F-1E79-4C8D-8842-E3DA892D72FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A770C55-AA10-4BA9-954F-6F94FCDE6D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta12:*:*:*:*:*:*\",\"matchCriteriaId\":\"A11F1B45-461B-407B-A0C0-D53D17D33427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta13:*:*:*:*:*:*\",\"matchCriteriaId\":\"878188D2-C6B0-4BA5-A920-7A8743BA1352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta14:*:*:*:*:*:*\",\"matchCriteriaId\":\"474D3C4C-C5D6-400C-9543-7E42CB6DB3D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta15:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B86604F-2CCD-49FA-9DE5-C9229F268E28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F5E4719-B67D-475B-83C7-EF9989A349A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"66370EFF-1BE1-4641-8ADA-00851D335129\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6280EBB-A0AE-477E-A49B-380D1C873E25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA48F7B-3B19-462A-86FC-1BAB0400D401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"35259067-83E2-472E-85F8-15A1201ACE4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"958DC7DA-9FAC-4BDD-B159-26663BCB4651\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.6:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F9EAB9-7BF7-43F4-84CF-11647C8707F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"772C39A2-EFD9-442F-B5B5-9AE9E216247C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta16.8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C3A062D-48B0-4FB0-9B9B-D446D315AD93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A38D6B-0D09-4FC0-B836-1304F61268B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B0120-D1B7-4C8B-B398-2485291E9E5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34715564-49B1-4616-99B3-E3B11CF9564D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"875D15CF-0BCA-43B7-8E78-BD82DED81BE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D5CD7D3-21B1-452F-8822-47CC9CA8BBE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.5:*:*:*:*:*:*\",\"matchCriteriaId\":\"01C664BC-113B-4E41-B193-44E04908D9BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.6:*:*:*:*:*:*\",\"matchCriteriaId\":\"901547DD-3ABB-4D27-A617-2F53DCF33A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta17.7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7CB0457-0711-4823-A296-BBB14BC719CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C19783B-FD71-448A-9837-9CC185FAEE95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C191BC7-1324-4D3D-8EC1-CA6B1A937AD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD64614-E236-4556-963E-35089BB4BB93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF9D8992-E2A7-4D51-9CAC-151D99937A66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B2D61F-5348-49C1-B35E-B52B960EEC68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B5FAD26-9C56-4A7C-A158-648CBEE44F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"291A1ED4-786C-4917-8998-2308E31C8E30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:strapi:strapi:3.0.0:beta9:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAC43D60-CFF5-4FA9-9CE3-CFC6825EEAA7\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bittherapy.net/post/strapi-framework-remote-code-execution/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/strapi/strapi/pull/4636\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.