CVE-2024-56143: Strapi Allows Unauthorized Access to Private Fields via parms.lookup

October 16, 2025

It’s possible to access any private fields by filtering through the lookup parameters

References

github.com/advisories/GHSA-495j-h493-42q2
github.com/strapi/strapi
github.com/strapi/strapi/commit/0c6e0953ae1e62afae9329de7ae6d6a5e21b95b8
github.com/strapi/strapi/security/advisories/GHSA-495j-h493-42q2
nvd.nist.gov/vuln/detail/CVE-2024-56143

Code Behaviors & Features

Detect and mitigate CVE-2024-56143 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →