FKIE_CVE-2019-19609
Vulnerability from fkie_nvd - Published: 2019-12-05 20:15 - Updated: 2024-11-21 04:35
Severity ?
Summary
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A97983D3-FFBA-485E-8496-6489A9074853",
"versionEndIncluding": "1.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1:*:*:*:*:*:*",
"matchCriteriaId": "3E72C7A0-197D-4324-BBB4-663223C52C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2:*:*:*:*:*:*",
"matchCriteriaId": "954FDA03-9914-42DC-9AF0-81CB69BD0442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3:*:*:*:*:*:*",
"matchCriteriaId": "7B4D7C63-F071-4572-BD81-65ABCA693A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11:*:*:*:*:*:*",
"matchCriteriaId": "003189F7-77BD-416F-A253-C808E7E38A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1:*:*:*:*:*:*",
"matchCriteriaId": "A1DDFD47-7C0A-447F-9A34-F7690B28A4B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2:*:*:*:*:*:*",
"matchCriteriaId": "F3EA2B22-E04D-48FB-8BD9-9CD66598346A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3:*:*:*:*:*:*",
"matchCriteriaId": "6F39E9F5-8AEE-4E26-A084-1BF813A65FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12:*:*:*:*:*:*",
"matchCriteriaId": "31EC2516-DA0E-4710-AB98-11E1081764DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1:*:*:*:*:*:*",
"matchCriteriaId": "62C28A62-C16D-47D6-9D56-2B236287CBF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3:*:*:*:*:*:*",
"matchCriteriaId": "D000CAF1-B033-4CF6-B6B4-1A9C10239886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2:*:*:*:*:*:*",
"matchCriteriaId": "C424AFC4-3DBA-4F69-A030-6B143ADEAE13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3:*:*:*:*:*:*",
"matchCriteriaId": "1B8C9E2B-58B7-4938-BF34-BB2E4322F53F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4:*:*:*:*:*:*",
"matchCriteriaId": "CE6F7CA0-11AE-45F0-B1AA-034A32CC0C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5:*:*:*:*:*:*",
"matchCriteriaId": "F3747021-429C-4D16-A740-A9C69FA06561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6:*:*:*:*:*:*",
"matchCriteriaId": "2E76C452-5545-4495-A671-4207A3DFE710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7:*:*:*:*:*:*",
"matchCriteriaId": "6D493E54-F8BE-470D-B78C-EF2E48645BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1:*:*:*:*:*:*",
"matchCriteriaId": "11C6D99B-67E0-4828-A812-EA987D585C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13:*:*:*:*:*:*",
"matchCriteriaId": "D6D0EA14-3E88-491D-9522-5F9F2F968329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1:*:*:*:*:*:*",
"matchCriteriaId": "38DF3333-7B40-41A1-8C1A-EE644867193C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1:*:*:*:*:*:*",
"matchCriteriaId": "ECC59C0A-60C1-4DC7-B127-D512271DA491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14:*:*:*:*:*:*",
"matchCriteriaId": "17CA9542-43DC-4D7D-A159-D7D56639EE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1:*:*:*:*:*:*",
"matchCriteriaId": "1826129C-FF15-4422-97CA-F383E6F86B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1:*:*:*:*:*:*",
"matchCriteriaId": "95509917-C33A-43C1-9043-D9618884FDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2:*:*:*:*:*:*",
"matchCriteriaId": "2CF2A7C5-F97C-447B-977D-243321CD807D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3:*:*:*:*:*:*",
"matchCriteriaId": "0A4DF814-73F9-4D04-87BD-03839E7E5BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0:*:*:*:*:*:*",
"matchCriteriaId": "4198B34C-CFE0-46AD-A2D6-926F5A037759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5:*:*:*:*:*:*",
"matchCriteriaId": "76B25EF2-EFB6-4626-AC51-209523A1342E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha15:*:*:*:*:*:*",
"matchCriteriaId": "D15150B6-8B20-496A-BD97-F598E2C243AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha16:*:*:*:*:*:*",
"matchCriteriaId": "39C8378E-BBFC-48D0-B69B-ED034BAA100C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha17:*:*:*:*:*:*",
"matchCriteriaId": "006A3591-8908-4B9A-A3BA-C2136FC6B009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha18:*:*:*:*:*:*",
"matchCriteriaId": "1E85C03D-DA48-4F2D-A995-0FC82B61327D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha19:*:*:*:*:*:*",
"matchCriteriaId": "1F314776-5157-488E-B7A8-B074BC31CC63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha20:*:*:*:*:*:*",
"matchCriteriaId": "80EF6FFD-318D-42C7-A5E0-FD2B9E561F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha21:*:*:*:*:*:*",
"matchCriteriaId": "B46002D9-0AD1-48F2-9CE0-6ECD2AE166DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha22:*:*:*:*:*:*",
"matchCriteriaId": "5184E9EB-396B-412D-88F5-A852F8D74289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha23:*:*:*:*:*:*",
"matchCriteriaId": "149771DC-DE72-43DB-9B5C-3717B7078FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1:*:*:*:*:*:*",
"matchCriteriaId": "2A67962C-D35B-408A-BD74-0B4647B81A23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha24:*:*:*:*:*:*",
"matchCriteriaId": "31083AE3-3D91-4F23-AE4C-2EB08FF4BAF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1:*:*:*:*:*:*",
"matchCriteriaId": "651B10C1-918E-4F6C-970B-45FA9DDE83E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25:*:*:*:*:*:*",
"matchCriteriaId": "20A37EAD-A610-450B-8DC2-A8208200E641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1:*:*:*:*:*:*",
"matchCriteriaId": "836A2C35-38D8-4ED6-B87D-2003C2F3A445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2:*:*:*:*:*:*",
"matchCriteriaId": "4153D69D-D158-4AFF-9936-A944B0F7F8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26:*:*:*:*:*:*",
"matchCriteriaId": "09EA2597-2BA4-4747-9B52-E4E713594A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1:*:*:*:*:*:*",
"matchCriteriaId": "19C9D4D8-978A-431C-B39C-80AB7B22D7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2:*:*:*:*:*:*",
"matchCriteriaId": "9423DAF3-6295-4B9D-9B99-CAA9EE698548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "021CE25F-44BD-403C-89EB-91127319B7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8:*:*:*:*:*:*",
"matchCriteriaId": "54039D06-9AE2-4B83-A7D4-80177A3A5F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3:*:*:*:*:*:*",
"matchCriteriaId": "98503595-C247-499B-8654-424004FAA263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5:*:*:*:*:*:*",
"matchCriteriaId": "6EE84452-19EC-41BE-9075-D48FA4BFD230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3:*:*:*:*:*:*",
"matchCriteriaId": "01E106C1-EF1B-4768-AB51-19FEA9597558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4:*:*:*:*:*:*",
"matchCriteriaId": "61CE8F6A-7D01-45EE-8EB9-39AE0D2BDB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7:*:*:*:*:*:*",
"matchCriteriaId": "73C9DB4F-266C-4180-A1C1-8DA14854B52C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2:*:*:*:*:*:*",
"matchCriteriaId": "07D25069-D60A-4E25-9817-575F555AE176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3:*:*:*:*:*:*",
"matchCriteriaId": "1377CFAD-6C86-4A7B-AEDC-26ACBE6C4AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "7066F2B2-B0B1-4922-972A-F0B8963FC594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3:*:*:*:*:*:*",
"matchCriteriaId": "AD5E0CEF-E30E-4828-891B-056A7FC29951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "FA634AA2-114D-4D9D-8829-BD8ADA617F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1:*:*:*:*:*:*",
"matchCriteriaId": "0321315F-1AE4-4EB8-B701-094196E14689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2:*:*:*:*:*:*",
"matchCriteriaId": "77710B2A-4AA6-4F2A-80DB-BEF3C08AC628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "43D725A4-1141-4A1E-910A-F458D5FBDF7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9267A380-DAAE-4867-A40D-8CA2B15249CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "1C52DD2F-1E79-4C8D-8842-E3DA892D72FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "8A770C55-AA10-4BA9-954F-6F94FCDE6D77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "A11F1B45-461B-407B-A0C0-D53D17D33427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "878188D2-C6B0-4BA5-A920-7A8743BA1352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "474D3C4C-C5D6-400C-9543-7E42CB6DB3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "9B86604F-2CCD-49FA-9DE5-C9229F268E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "8F5E4719-B67D-475B-83C7-EF9989A349A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.1:*:*:*:*:*:*",
"matchCriteriaId": "66370EFF-1BE1-4641-8ADA-00851D335129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.2:*:*:*:*:*:*",
"matchCriteriaId": "C6280EBB-A0AE-477E-A49B-380D1C873E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.3:*:*:*:*:*:*",
"matchCriteriaId": "2FA48F7B-3B19-462A-86FC-1BAB0400D401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.4:*:*:*:*:*:*",
"matchCriteriaId": "35259067-83E2-472E-85F8-15A1201ACE4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.5:*:*:*:*:*:*",
"matchCriteriaId": "958DC7DA-9FAC-4BDD-B159-26663BCB4651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.6:*:*:*:*:*:*",
"matchCriteriaId": "A1F9EAB9-7BF7-43F4-84CF-11647C8707F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.7:*:*:*:*:*:*",
"matchCriteriaId": "772C39A2-EFD9-442F-B5B5-9AE9E216247C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.8:*:*:*:*:*:*",
"matchCriteriaId": "9C3A062D-48B0-4FB0-9B9B-D446D315AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "01A38D6B-0D09-4FC0-B836-1304F61268B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.1:*:*:*:*:*:*",
"matchCriteriaId": "490B0120-D1B7-4C8B-B398-2485291E9E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.2:*:*:*:*:*:*",
"matchCriteriaId": "34715564-49B1-4616-99B3-E3B11CF9564D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.3:*:*:*:*:*:*",
"matchCriteriaId": "875D15CF-0BCA-43B7-8E78-BD82DED81BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.4:*:*:*:*:*:*",
"matchCriteriaId": "1D5CD7D3-21B1-452F-8822-47CC9CA8BBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.5:*:*:*:*:*:*",
"matchCriteriaId": "01C664BC-113B-4E41-B193-44E04908D9BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.6:*:*:*:*:*:*",
"matchCriteriaId": "901547DD-3ABB-4D27-A617-2F53DCF33A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.7:*:*:*:*:*:*",
"matchCriteriaId": "D7CB0457-0711-4823-A296-BBB14BC719CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "7C19783B-FD71-448A-9837-9CC185FAEE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "7C191BC7-1324-4D3D-8EC1-CA6B1A937AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3BD64614-E236-4556-963E-35089BB4BB93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "CF9D8992-E2A7-4D51-9CAC-151D99937A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "88B2D61F-5348-49C1-B35E-B52B960EEC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "1B5FAD26-9C56-4A7C-A158-648CBEE44F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "291A1ED4-786C-4917-8998-2308E31C8E30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "EAC43D60-CFF5-4FA9-9CE3-CFC6825EEAA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function."
},
{
"lang": "es",
"value": "El framework Strapi versiones anteriores a 3.0.0-beta.17.8, es vulnerable a una Ejecuci\u00f3n de C\u00f3digo Remota en los componentes del Plugin de Instalaci\u00f3n y Desinstalaci\u00f3n del panel de Administraci\u00f3n, ya que no sanea el nombre del plugin y los atacantes pueden inyectar comandos de shell arbitrarios para ser ejecutados mediante la funci\u00f3n execa."
}
],
"id": "CVE-2019-19609",
"lastModified": "2024-11-21T04:35:03.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-05T20:15:10.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/strapi/strapi/pull/4636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bittherapy.net/post/strapi-framework-remote-code-execution/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/strapi/strapi/pull/4636"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…