{"url":"http://public2.vulnerablecode.io/api/packages/25323?format=json","purl":"pkg:npm/%40strapi/strapi@4.1.12","type":"npm","namespace":"@strapi","name":"strapi","version":"4.1.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.24.1","latest_non_vulnerable_version":"5.37.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127099?format=json","vulnerability_id":"VCID-5fwn-px5n-sqd2","summary":"Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days by default, but can be changed). \nThe existence of /admin/renew-token endpoint allows anyone to renew near-expiration tokens indefinitely, further increasing the impact of this attack. \n\nThis issue has been fixed in version 5.24.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3930","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20365","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3930"},{"reference_url":"https://strapi.io","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://strapi.io"},{"reference_url":"https://cert.pl/en/posts/2025/06/CVE-2025-3930","reference_id":"CVE-2025-3930","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/"}],"url":"https://cert.pl/en/posts/2025/06/CVE-2025-3930"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3930","reference_id":"CVE-2025-3930","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3930"},{"reference_url":"https://github.com/advisories/GHSA-4r8w-3jww-m2rp","reference_id":"GHSA-4r8w-3jww-m2rp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4r8w-3jww-m2rp"},{"reference_url":"https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve-October-2025","reference_id":"security-disclosure-of-vulnerabilities-cve-October-2025","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/"}],"url":"https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve-October-2025"},{"reference_url":"https://github.com/strapi/strapi","reference_id":"strapi","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/"}],"url":"https://github.com/strapi/strapi"},{"reference_url":"https://strapi.io/","reference_id":"strapi.io","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-16T13:37:13Z/"}],"url":"https://strapi.io/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34508?format=json","purl":"pkg:npm/%40strapi/strapi@5.24.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@5.24.1"}],"aliases":["CVE-2025-3930","GHSA-4r8w-3jww-m2rp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5fwn-px5n-sqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139652?format=json","vulnerability_id":"VCID-9ms4-72fn-nqf8","summary":"strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39345","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23475","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39345"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39345","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39345"},{"reference_url":"https://strapi.io/blog/security-disclosure-of-vulnerabilities-sept-2023","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://strapi.io/blog/security-disclosure-of-vulnerabilities-sept-2023"},{"reference_url":"https://github.com/advisories/GHSA-gc7p-j5xm-xxh2","reference_id":"GHSA-gc7p-j5xm-xxh2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc7p-j5xm-xxh2"},{"reference_url":"https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2","reference_id":"GHSA-gc7p-j5xm-xxh2","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T19:26:27Z/"}],"url":"https://github.com/strapi/strapi/security/advisories/GHSA-gc7p-j5xm-xxh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381188?format=json","purl":"pkg:npm/%40strapi/strapi@4.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5fwn-px5n-sqd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.13.1"}],"aliases":["CVE-2023-39345","GHSA-gc7p-j5xm-xxh2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ms4-72fn-nqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149830?format=json","vulnerability_id":"VCID-j1sz-3wn5-kfcs","summary":"Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22894","reference_id":"","reference_type":"","scores":[{"value":"0.17914","scoring_system":"epss","scoring_elements":"0.95294","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22894"},{"reference_url":"https://github.com/strapi/strapi/releases/tag/v4.8.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/strapi/strapi/releases/tag/v4.8.0"},{"reference_url":"https://github.com/strapi/strapi/security/advisories/GHSA-jjqf-j4w7-92w8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/strapi/strapi/security/advisories/GHSA-jjqf-j4w7-92w8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22894","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22894"},{"reference_url":"https://www.ghostccamm.com/blog/multi_strapi_vulns","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ghostccamm.com/blog/multi_strapi_vulns"},{"reference_url":"https://github.com/advisories/GHSA-jjqf-j4w7-92w8","reference_id":"GHSA-jjqf-j4w7-92w8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjqf-j4w7-92w8"},{"reference_url":"https://www.ghostccamm.com/blog/multi_strapi_vulns/","reference_id":"multi_strapi_vulns","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T16:37:12Z/"}],"url":"https://www.ghostccamm.com/blog/multi_strapi_vulns/"},{"reference_url":"https://github.com/strapi/strapi/releases","reference_id":"releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T16:37:12Z/"}],"url":"https://github.com/strapi/strapi/releases"},{"reference_url":"https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve","reference_id":"security-disclosure-of-vulnerabilities-cve","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T16:37:12Z/"}],"url":"https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379349?format=json","purl":"pkg:npm/%40strapi/strapi@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5fwn-px5n-sqd2"},{"vulnerability":"VCID-9ms4-72fn-nqf8"},{"vulnerability":"VCID-uqjf-k4zz-kufb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.8.0"}],"aliases":["CVE-2023-22894","GHSA-jjqf-j4w7-92w8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1sz-3wn5-kfcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211028?format=json","vulnerability_id":"VCID-pw18-5x9h-hyhx","summary":"Strapi 4.1.12 Cross-site Scripting via crafted file","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32114","reference_id":"","reference_type":"","scores":[{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86499","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32114"},{"reference_url":"https://docs.strapi.io/dev-docs/configurations/public-assets","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.strapi.io/dev-docs/configurations/public-assets"},{"reference_url":"https://docs.strapi.io/user-docs/users-roles-permissions/configuring-administrator-roles","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.strapi.io/user-docs/users-roles-permissions/configuring-administrator-roles"},{"reference_url":"https://github.com/bypazs/strapi","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bypazs/strapi"},{"reference_url":"https://github.com/strapi/strapi/blob/d9277d616b4478a3839e79e47330a4aaf167a2f1/packages/core/content-type-builder/admin/src/components/AllowedTypesSelect/index.js#L14","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/strapi/strapi/blob/d9277d616b4478a3839e79e47330a4aaf167a2f1/packages/core/content-type-builder/admin/src/components/AllowedTypesSelect/index.js#L14"},{"reference_url":"https://github.com/strapi/strapi/blob/d9277d616b4478a3839e79e47330a4aaf167a2f1/packages/core/upload/admin/src/components/MediaLibraryInput/index.js#L33","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/strapi/strapi/blob/d9277d616b4478a3839e79e47330a4aaf167a2f1/packages/core/upload/admin/src/components/MediaLibraryInput/index.js#L33"},{"reference_url":"https://grimthereaperteam.medium.com/strapi-v4-1-12-unrestricted-file-upload-b993bfd07e4e","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://grimthereaperteam.medium.com/strapi-v4-1-12-unrestricted-file-upload-b993bfd07e4e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32114","reference_id":"CVE-2022-32114","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32114"},{"reference_url":"https://github.com/advisories/GHSA-4vm8-j95f-j6v5","reference_id":"GHSA-4vm8-j95f-j6v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vm8-j95f-j6v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/575967?format=json","purl":"pkg:npm/%40strapi/strapi@4.2.0-alpha.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5fwn-px5n-sqd2"},{"vulnerability":"VCID-9ms4-72fn-nqf8"},{"vulnerability":"VCID-j1sz-3wn5-kfcs"},{"vulnerability":"VCID-uqjf-k4zz-kufb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.2.0-alpha.0"}],"aliases":["CVE-2022-32114","GHSA-4vm8-j95f-j6v5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pw18-5x9h-hyhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/141862?format=json","vulnerability_id":"VCID-uqjf-k4zz-kufb","summary":"Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34093","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27427","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34093"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34093","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34093"},{"reference_url":"https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de","reference_id":"2fa8f30371bfd1db44c15e5747860ee5789096de","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/"}],"url":"https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de"},{"reference_url":"https://github.com/advisories/GHSA-chmr-rg2f-9jmf","reference_id":"GHSA-chmr-rg2f-9jmf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chmr-rg2f-9jmf"},{"reference_url":"https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf","reference_id":"GHSA-chmr-rg2f-9jmf","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/"}],"url":"https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf"},{"reference_url":"https://github.com/strapi/strapi/releases/tag/v4.10.8","reference_id":"v4.10.8","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T20:03:21Z/"}],"url":"https://github.com/strapi/strapi/releases/tag/v4.10.8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381506?format=json","purl":"pkg:npm/%40strapi/strapi@4.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5fwn-px5n-sqd2"},{"vulnerability":"VCID-9ms4-72fn-nqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.10.8"}],"aliases":["CVE-2023-34093","GHSA-chmr-rg2f-9jmf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uqjf-k4zz-kufb"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540strapi/strapi@4.1.12"}