Advisories for Npm/@Strapi/Admin package

Attackers can get access to user reset password tokens if they have the configure view permissions.

1. Summary There is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. 2. Details It is possible to avoid this by modifying the rate-limited request path as follows. Manipulating request paths to upper or lower case. (Pattern 1) In this case, avoidance is possible with various patterns. Add path slashes to the end of the request path. (Pattern 2) 3. …