CVE-2023-22621
CVSS V2 None
CVSS V3 None
Description
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.
Overview
- CVE ID
- CVE-2023-22621
- Assigner
- cve@mitre.org
- Vulnerability Status
- Undergoing Analysis
- Published Version
- 2023-04-19T16:15:07
- Last Modified Date
- 2023-04-19T19:52:18
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-22621 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22621 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-19 17:01:19 | Added to TrackCVE | |||
2023-04-19 20:01:31 | 2023-04-19T19:52:18 | CVE Modified Date | updated | |
2023-04-19 20:01:31 | Received | Awaiting Analysis | Vulnerability Status | updated |
2023-04-26 11:00:41 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |