VulnerableCode Package Details - pkg:npm/%40strapi/plugin-users-permissions@4.5.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/%40strapi/plugin-users-permissions@4.5.6

purl	pkg:npm/%40strapi/plugin-users-permissions@4.5.6

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-5n69-472h-rbcn	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.	CVE-2023-22621 GHSA-2h87-4q2w-v4hf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:44:34.965764+00:00	GitLab Importer	Fixing	VCID-5n69-472h-rbcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@strapi/plugin-users-permissions/CVE-2023-22621.yml	38.6.0