Description
There is a rate limit on the login function of Strapi’s admin screen, but it is possible to circumvent it.
Recommendation
Update the @strapi/plugin-users-permissions package to the latest compatible version. The version details are as follows:
- Affected version(s): < 4.12.1
- Patched version(s): 4.12.1
References
Related Issues
- Axios is vulnerable to DoS attack through lack of data size check - CVE-2025-58754
- @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass - CVE-2024-34065
- Parse Server's custom object ID allows to acquire role privileges - CVE-2024-47183
- XSS in jQuery as used in Drupal, Backdrop CMS, and other products - CVE-2019-11358
Tags
- npm
- @strapi/plugin-users-permissions
Last updated on November 11, 2023