CNNVD-202510-2351 Information
CNNVD ID
CNNVD-202510-2351
Related CVE
- CNNVD Published: 2025-10-16
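Description (translated from Chinese)
Strapi is an open-source content management system (CMS) from the Strapi community in France. Strapi versions from 5.0.0 up to, but not including, 5.5.2 contain a security vulnerability. It stems from the document service's find operation not properly sanitizing query parameters for private fields, which may allow an attacker to access private fields through a specially crafted query.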
Description (English)
Strapi is an open-source content management system (CMS) from the French Strapi community. Strapi versions 5.0.0 through those before 5.5.2 contain a security vulnerability: the find operation of the document service does not correctly sanitize the query parameters of private fields, which may allow an attacker to access private fields through a crafted query.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
strapi
Published
2025-10-16
Last Modified
2026-02-24
References
https://github.com/strapi/strapi/commit/0c6e0953ae1e62afae9329de7ae6d6a5e21b95b8
https://github.com/strapi/strapi/security/advisories/GHSA-495j-h493-42q2
Patch
https://github.com/strapi/strapi/releases