CVE-2021-28128: Weak Password Recovery Mechanism for Forgotten Password
In Strapi, the admin panel lets a logged-in user change their own password without entering the current password. An attacker who gains access to a valid session can therefore take over the account by setting a new password.