@strapi/plugin-users-permissions@4.11.5 vulnerabilities
Protect your API with a full-authentication process based on JWT
-
latest version
4.24.2
-
latest non vulnerable version
-
first published
3 years ago
-
latest version published
10 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @strapi/plugin-users-permissions package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Improper Access Control via the "User Registration" API due to improper sanitization of custom fields. An attacker can gain unauthorized access to private fields during user registration by sending a post request with content to fill the private fields. How to fix Improper Access Control? Upgrade |
>=4.0.0 <4.13.1
|
@strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Denial of Service (DoS) such that an attacker can circumvent the rate limit on the login function of Strapi's admin screen. How to fix Denial of Service (DoS)? Upgrade |
<4.12.1
|