Unauthorized Access to Private Fields in User Registration API (GHSA-gc7p-j5xm-xxh2)
- Severity: High
Description
| Name | Value |
|------|-------|
| OS | Windows 11 |
| Version | 4.11.1 (node v16.14.2) |
| Database | mysql |
Recommendation
Update the @strapi/plugin-users-permissions package to the latest compatible version. The version details are as follows:
- Affected version(s): >= 4.0.0, < 4.13.1
- Patched version(s): 4.13.1
References
Related Issues
- Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering - CVE-2025-54075
- Improper Verification of Cryptographic Signature in node-forge (GHSA-cfm4-qjh2-4765) - CVE-2022-24771
- @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass - CVE-2024-34065
- DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS - Vulnerability
- Tags: npm, @strapi/plugin-users-permissions
Last updated on November 06, 2023