VulnerableCode Package Details - pkg:npm/%40strapi/admin@4.25.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/%40strapi/admin@4.25.2

Essentials
History (2)

purl	pkg:npm/%40strapi/admin@4.25.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-s8e6-3wdh-k3gz	Strapi allows Server-Side Request Forgery in Webhook function In Strapi latest version, at function Settings -> Webhooks, the application allows us to input a URL in order to create a Webook connection. However, we can input into this field the local domains such as `localhost`, `127.0.0.1`, `0.0.0.0`,.... in order to make the Application fetching into the internal itself, which causes the vulnerability `Server - Side Request Forgery (SSRF)`.	CVE-2024-52588 GHSA-v8wj-f5c7-pvxf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:14:04.261840+00:00	GithubOSV Importer	Fixing	VCID-s8e6-3wdh-k3gz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-v8wj-f5c7-pvxf/GHSA-v8wj-f5c7-pvxf.json	38.6.0
2026-06-04T16:24:03.978146+00:00	GitLab Importer	Fixing	VCID-s8e6-3wdh-k3gz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@strapi/admin/CVE-2024-52588.yml	38.6.0