CVE-2023-22621

CVSS V2 None CVSS V3 None
Description
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.
Overview
  • CVE ID
  • CVE-2023-22621
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Undergoing Analysis
  • Published Version
  • 2023-04-19T16:15:07
  • Last Modified Date
  • 2023-04-19T19:52:18
History
Created Old Value New Value Data Type Notes
2023-04-19 17:01:19 Added to TrackCVE
2023-04-19 20:01:31 2023-04-19T19:52:18 CVE Modified Date updated
2023-04-19 20:01:31 Received Awaiting Analysis Vulnerability Status updated
2023-04-26 11:00:41 Awaiting Analysis Undergoing Analysis Vulnerability Status updated