CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
https://github.com/strapi/strapi/pull/4443	Third Party Advisory
https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5	Release Notes Third Party Advisory
https://www.npmjs.com/advisories/1311	Third Party Advisory
http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
https://github.com/strapi/strapi/pull/4443	Third Party Advisory
https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5	Release Notes Third Party Advisory
https://www.npmjs.com/advisories/1311	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:strapi:strapi::::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha11::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha13::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha14::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha15::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha16::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha17::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha18::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha19::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha20::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha21::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha22::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha23::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha24::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha25::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha26::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha4::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha8::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha9::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2::::::
	cpe:2.3:a:strapi:strapi:3.0.0:beta0::::::
	cpe:2.3:a:strapi:strapi:3.0.0:beta1::::::
	cpe:2.3:a:strapi:strapi:3.0.0:beta10::::::
	cpe:2.3:a:strapi:strapi:3.0.0:beta11::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta12::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta13::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta14::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta15::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.1::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.2::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.3::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.4::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.5::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.6::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.7::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta16.8::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta17::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta17.1::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta17.2::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta17.3::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta17.4::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta2::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta3::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta4::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta5::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta6::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta7::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta8::::::
cpe:2.3:a:strapi:strapi:3.0.0:beta9::::::

History

21 Nov 2024, 04:33

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~() http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry
References	~~() https://github.com/strapi/strapi/pull/4443 - Third Party Advisory~~	() https://github.com/strapi/strapi/pull/4443 - Third Party Advisory
References	~~() https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5 - Release Notes, Third Party Advisory~~	() https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5 - Release Notes, Third Party Advisory
References	~~() https://www.npmjs.com/advisories/1311 - Third Party Advisory~~	() https://www.npmjs.com/advisories/1311 - Third Party Advisory

Information

Published : 2019-11-07 22:15

Updated : 2024-11-21 04:33

NVD link : CVE-2019-18818

Mitre link : CVE-2019-18818

CVE.ORG link : CVE-2019-18818

JSON object : View

Products Affected

strapi

strapi

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

{"id": "CVE-2019-18818", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-11-07T22:15:10.570", "references": [{"url": "http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/strapi/strapi/pull/4443", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.npmjs.com/advisories/1311", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/strapi/strapi/pull/4443", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.npmjs.com/advisories/1311", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js."}, {"lang": "es", "value": "strapi versiones anteriores a 3.0.0-beta.17.5, maneja inapropiadamente los restablecimientos de contrase\u00f1a dentro de los archivos packages/strapi-admin/controllers/Auth.js y packages/strapi-plugin-users-permissions/controllers/Auth.js."}], "lastModified": "2024-11-21T04:33:38.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A97983D3-FFBA-485E-8496-6489A9074853", "versionEndIncluding": "1.6.4"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E72C7A0-197D-4324-BBB4-663223C52C7C"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "954FDA03-9914-42DC-9AF0-81CB69BD0442"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha10.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B4D7C63-F071-4572-BD81-65ABCA693A8E"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003189F7-77BD-416F-A253-C808E7E38A11"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1DDFD47-7C0A-447F-9A34-F7690B28A4B0"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3EA2B22-E04D-48FB-8BD9-9CD66598346A"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha11.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F39E9F5-8AEE-4E26-A084-1BF813A65FFD"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31EC2516-DA0E-4710-AB98-11E1081764DA"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C28A62-C16D-47D6-9D56-2B236287CBF6"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.1.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D000CAF1-B033-4CF6-B6B4-1A9C10239886"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C424AFC4-3DBA-4F69-A030-6B143ADEAE13"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B8C9E2B-58B7-4938-BF34-BB2E4322F53F"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE6F7CA0-11AE-45F0-B1AA-034A32CC0C5E"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3747021-429C-4D16-A740-A9C69FA06561"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E76C452-5545-4495-A671-4207A3DFE710"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D493E54-F8BE-470D-B78C-EF2E48645BEB"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha12.7.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C6D99B-67E0-4828-A812-EA987D585C75"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D0EA14-3E88-491D-9522-5F9F2F968329"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13.0.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38DF3333-7B40-41A1-8C1A-EE644867193C"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha13.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECC59C0A-60C1-4DC7-B127-D512271DA491"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17CA9542-43DC-4D7D-A159-D7D56639EE46"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1826129C-FF15-4422-97CA-F383E6F86B36"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.1.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95509917-C33A-43C1-9043-D9618884FDF2"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CF2A7C5-F97C-447B-977D-243321CD807D"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A4DF814-73F9-4D04-87BD-03839E7E5BD0"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.4.0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4198B34C-CFE0-46AD-A2D6-926F5A037759"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha14.5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76B25EF2-EFB6-4626-AC51-209523A1342E"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D15150B6-8B20-496A-BD97-F598E2C243AD"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39C8378E-BBFC-48D0-B69B-ED034BAA100C"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "006A3591-8908-4B9A-A3BA-C2136FC6B009"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E85C03D-DA48-4F2D-A995-0FC82B61327D"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F314776-5157-488E-B7A8-B074BC31CC63"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80EF6FFD-318D-42C7-A5E0-FD2B9E561F68"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B46002D9-0AD1-48F2-9CE0-6ECD2AE166DD"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5184E9EB-396B-412D-88F5-A852F8D74289"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "149771DC-DE72-43DB-9B5C-3717B7078FB6"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha23.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A67962C-D35B-408A-BD74-0B4647B81A23"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31083AE3-3D91-4F23-AE4C-2EB08FF4BAF9"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha24.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "651B10C1-918E-4F6C-970B-45FA9DDE83E5"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20A37EAD-A610-450B-8DC2-A8208200E641"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "836A2C35-38D8-4ED6-B87D-2003C2F3A445"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha25.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4153D69D-D158-4AFF-9936-A944B0F7F8E0"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09EA2597-2BA4-4747-9B52-E4E713594A00"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19C9D4D8-978A-431C-B39C-80AB7B22D7D0"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha26.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9423DAF3-6295-4B9D-9B99-CAA9EE698548"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "021CE25F-44BD-403C-89EB-91127319B7B8"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha4.8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54039D06-9AE2-4B83-A7D4-80177A3A5F56"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha5.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98503595-C247-499B-8654-424004FAA263"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha5.5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EE84452-19EC-41BE-9075-D48FA4BFD230"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01E106C1-EF1B-4768-AB51-19FEA9597558"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61CE8F6A-7D01-45EE-8EB9-39AE0D2BDB09"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha6.7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73C9DB4F-266C-4180-A1C1-8DA14854B52C"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha7.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D25069-D60A-4E25-9817-575F555AE176"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha7.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1377CFAD-6C86-4A7B-AEDC-26ACBE6C4AC3"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7066F2B2-B0B1-4922-972A-F0B8963FC594"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha8.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD5E0CEF-E30E-4828-891B-056A7FC29951"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA634AA2-114D-4D9D-8829-BD8ADA617F71"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0321315F-1AE4-4EB8-B701-094196E14689"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:alpha9.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77710B2A-4AA6-4F2A-80DB-BEF3C08AC628"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43D725A4-1141-4A1E-910A-F458D5FBDF7E"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9267A380-DAAE-4867-A40D-8CA2B15249CA"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C52DD2F-1E79-4C8D-8842-E3DA892D72FE"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A770C55-AA10-4BA9-954F-6F94FCDE6D77"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A11F1B45-461B-407B-A0C0-D53D17D33427"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878188D2-C6B0-4BA5-A920-7A8743BA1352"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "474D3C4C-C5D6-400C-9543-7E42CB6DB3D2"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B86604F-2CCD-49FA-9DE5-C9229F268E28"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F5E4719-B67D-475B-83C7-EF9989A349A3"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66370EFF-1BE1-4641-8ADA-00851D335129"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6280EBB-A0AE-477E-A49B-380D1C873E25"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FA48F7B-3B19-462A-86FC-1BAB0400D401"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35259067-83E2-472E-85F8-15A1201ACE4C"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "958DC7DA-9FAC-4BDD-B159-26663BCB4651"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1F9EAB9-7BF7-43F4-84CF-11647C8707F1"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "772C39A2-EFD9-442F-B5B5-9AE9E216247C"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta16.8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C3A062D-48B0-4FB0-9B9B-D446D315AD93"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A38D6B-0D09-4FC0-B836-1304F61268B2"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "490B0120-D1B7-4C8B-B398-2485291E9E5C"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34715564-49B1-4616-99B3-E3B11CF9564D"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "875D15CF-0BCA-43B7-8E78-BD82DED81BE3"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta17.4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D5CD7D3-21B1-452F-8822-47CC9CA8BBE8"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C19783B-FD71-448A-9837-9CC185FAEE95"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C191BC7-1324-4D3D-8EC1-CA6B1A937AD0"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD64614-E236-4556-963E-35089BB4BB93"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF9D8992-E2A7-4D51-9CAC-151D99937A66"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88B2D61F-5348-49C1-B35E-B52B960EEC68"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B5FAD26-9C56-4A7C-A158-648CBEE44F5E"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "291A1ED4-786C-4917-8998-2308E31C8E30"}, {"criteria": "cpe:2.3:a:strapi:strapi:3.0.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAC43D60-CFF5-4FA9-9CE3-CFC6825EEAA7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10