
CMS Strapi Issues Security Disclosure of Vulnerabilities

Published 23/04/2023, 07:41
  • Strapi issued a security alert advising users to upgrade their Strapi version to 4.x.x.
  • Strapi version 3.x.x expired in December 2022.
  • The platform added that attackers could misuse the vulnerabilities.

Strapi, the open-source headless Content Management System (CMS), issued a security disclosure of vulnerabilities, alerting users to upgrade from Strapi version 3.x.x, which expired on December 31, 2022. The platform cautioned users to update to the 4.x.x version immediately if their current version is 3.x.x or below.

Following the security alert, the Chinese reporter Collin Wu drew the Twitter community's attention to the issue by posting about it on his official page, Wu Blockchain.

Notably, the reporter added that attackers could misuse the vulnerability to take over Admin accounts. He suggested upgrading as soon as possible, because a “large number of projects in the cryptocurrency industry” depend on Strapi.

Strapi stated that a researcher reported on December 29, 2022, a server-side template injection (SSTI) vulnerability affecting the email template system of its users-permissions plugin.

In detail, the SSTI vulnerability made it possible to modify the default email template so that it executed “malicious code”, resulting in remote code execution (RCE).

It is noteworthy that Strapi chose not to elaborate on the in-depth details of the vulnerabilities. Instead, the platform wanted to “communicate on the IoCs (indicators of compromise)”, so that users can analyze whether they have been affected.

Further, Strapi said that the vulnerability is likely to affect all Strapi v3 versions and all Strapi v4 versions prior to v4.5.6, and advised users to upgrade beyond v4.8.0.
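
The version guidance above can be turned into a quick check of a project's `package.json`. The following is an added example, not code from Strapi or from the original article; it assumes the core package is declared as `strapi` (v3) or `@strapi/strapi` (v4), and the status labels and sample manifests are constructed for illustration.

```javascript
// Thresholds as reported in the article above.
const FIXED_IN = [4, 5, 6];      // v4 releases before this are reported affected
const ADVISED_ABOVE = [4, 8, 0]; // the advice is to upgrade beyond this version

// Assumption: "strapi" is the v3 core package, "@strapi/strapi" the v4 core.
const CORE_PACKAGES = ["@strapi/strapi", "strapi"];

// Extract the first x.y.z from a dependency spec such as "^4.5.0" or "3.6.11".
// For a range this is the declared floor, not necessarily the installed version.
function parseVersion(spec) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(spec));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Classify a parsed package.json object (status labels are hypothetical).
function classifyStrapi(pkg) {
  const deps = { ...(pkg.devDependencies || {}), ...(pkg.dependencies || {}) };
  const name = CORE_PACKAGES.find((n) => n in deps);
  if (!name) return { status: "not-found" };
  const v = parseVersion(deps[name]);
  if (!v) return { status: "unparseable", name, spec: deps[name] };
  let status;
  if (v[0] <= 3) status = "affected-expired";             // 3.x.x or below
  else if (compare(v, FIXED_IN) < 0) status = "affected"; // v4 before 4.5.6
  else if (compare(v, ADVISED_ABOVE) <= 0) status = "upgrade-advised";
  else status = "ok";                                     // beyond 4.8.0
  return { status, name, spec: deps[name] };
}

// Constructed sample manifests (not taken from any real project).
const samples = [
  { name: "legacy-shop", dependencies: { strapi: "3.6.11" } },
  { name: "blog", dependencies: { "@strapi/strapi": "^4.5.0" } },
  { name: "docs", dependencies: { "@strapi/strapi": "4.8.0" } },
  { name: "portal", dependencies: { "@strapi/strapi": "4.9.2" } },
];
for (const s of samples) console.log(s.name, classifyStrapi(s).status);
```

Because a range such as `^4.5.0` is judged by its floor, the result is conservative; the lockfile shows the version actually installed.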

The post CMS Strapi Issues Security Disclosure of Vulnerabilities appeared first on Coin Edition.
