CVE-2022-0764 Information
Jun 07, 2022
cve
Description
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5 https://github.com/strapi/strapi/commit/2a3f5e988be6a2c7dae5ac22b9e86d579b462f4c https://github.com/strapi/strapi/issues/12879
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
6.7
Share on: