CVE-2020-13961
npm/strapi
Improper Input Validation
Strapi could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
All versions before 3.0.2
Upgrade to version 3.0.2 or above.
2020-06-25
source |