Description
In Strapi latest version, at function Settings -> Webhooks, the application allows us to input a URL in order to create a Webook connection. However, we can input into this field the local domains such as localhost, 127.0.0.1, 0.0.0.0,….
Recommendation
Update the @strapi/admin package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.25.2
- Patched version(s): 4.25.2
References
Related Issues
- The AuthKit Remix Library renders sensitive auth data in HTML - CVE-2025-55009
- Redoc Prototype Pollution via `Module.mergeObjects` Component - CVE-2024-57083
- Angular Expressions - Remote Code Execution when using locals - CVE-2024-54152
- Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304
- Tags:
- npm
- @strapi/admin
Anything's wrong? Let us know Last updated on May 29, 2025