Description
In the latest version of Strapi, the Settings -> Webhooks function accepts a URL that is used to create a webhook connection. However, this field also accepts local addresses such as localhost, 127.0.0.1, 0.0.0.0, …
Recommendation
Update the @strapi/admin package to the latest compatible version. Version details:
- Affected version(s): < 4.25.2
- Patched version(s): 4.25.2
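One way to reject the local destinations named in the description, as an added example (not Strapi's code and not its 4.25.2 patch). It goes beyond the three hosts listed above to cover private IPv4 ranges, IPv6 local addresses and hostnames that resolve to them; the deny-list, the function names and the stub resolver are assumptions made for illustration.

```javascript
// Added illustration, not Strapi's patch. The ranges below are a constructed deny-list.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];
const IPV4 = /^\d+\.\d+\.\d+\.\d+$/;
const toInt = (ip) => ip.split('.').reduce((n, octet) => n * 256 + Number(octet), 0);

// True when `ip` (an IPv4 or IPv6 literal) is a destination a webhook must not reach.
function isBlockedAddress(ip) {
  if (IPV4.test(ip)) {
    const n = toInt(ip);
    return BLOCKED_V4.some(([net, bits]) => {
      const size = 2 ** (32 - bits); // number of addresses in the range
      return Math.floor(n / size) === Math.floor(toInt(net) / size);
    });
  }
  const v6 = ip.toLowerCase();
  if (!v6.includes(':')) return true; // not an IP literal at all: fail closed
  // unspecified, loopback, IPv4-mapped, unique-local fc00::/7, link-local fe80::/10
  return v6 === '::' || v6 === '::1' || v6.startsWith('::ffff:') ||
    /^f[cd][0-9a-f]{2}:/.test(v6) || /^fe[89ab][0-9a-f]:/.test(v6);
}

// `resolve` is a hypothetical injected async function: hostname -> array of IP strings.
async function checkWebhookUrl(input, resolve) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { ok: false, reason: 'invalid URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not allowed' };
  }
  // The URL parser canonicalises forms such as 2130706433 and 0x7f.0.0.1 to 127.0.0.1.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const addresses = host.includes(':') || IPV4.test(host) ? [host] : await resolve(host);
  const bad = addresses.find(isBlockedAddress);
  if (bad !== undefined || addresses.length === 0) {
    return { ok: false, reason: `blocked destination ${bad ?? host}` };
  }
  // Connect to one of `addresses`, not to the name, so a second lookup cannot differ.
  return { ok: true, addresses };
}

// Constructed sample data: a stub resolver standing in for DNS.
const sampleDns = { localhost: ['127.0.0.1'], 'hooks.example.com': ['93.184.216.34'],
  'rebind.example.net': ['93.184.216.34', '10.0.0.5'] };
const sampleResolve = async (host) => sampleDns[host] ?? [];
```

The check belongs on the server at the time the webhook is sent as well as when it is saved, since the address behind a hostname can change between the two.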
- Tags:
- npm
- @strapi/admin
Last updated on May 29, 2025