CVE-2020-13961

Improper Input Validation in npm/strapi

Identifiers

CVE-2020-13961

Package Slug

npm/strapi

Vulnerability

Improper Input Validation

Description

Strapi could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitization. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.

Affected Versions

All versions before 3.0.2

Solution

Upgrade to version 3.0.2 or above.

Last Modified

2020-06-25
